How can I protect my RIA firm from a cyberattack?

Protecting your RIA firm from cyberattacks begins with proper employee training and hiring processes.

By building a culture of strong cybersecurity awareness at your RIA firm, you will proactively protect the firm, the employees, the clients and their sensitive data. With job-specific cybersecurity training (and cybersecurity software), employees can become an asset in your fight against cyberattacks.

One area that isn’t often addressed in cybersecurity conversations is the hiring process. 

Hiring managers can play a big part in building a culture of strong cybersecurity awareness by assessing their candidates for cybersecurity hygiene. By pure definition, hygiene means the practices conducive to maintaining health and preventing disease. In this case, hygiene refers to the health of your organization and preventing cyberattacks. In the interview process, you can get a grasp on the candidate’s current cybersecurity knowledge and willingness to be trained.

When interviewing new hires, you’ll want to ask questions like:

  • How trainable are they, or how trained are they, in cybersecurity? 
  • Do they already have a basic understanding of cybersecurity?
  • What have they learned from their previous job, if any, or from their previous experience? 

If you are interviewing individuals from large organizations, they have likely been exposed to very strict cybersecurity rules, which you can leverage to your advantage. Position these highly trained new hires as leaders who teach others how and why things are done at large organizations, which helps gain acceptance of some of the cybersecurity initiatives.

Here are a few other questions to help guide a productive conversation around cybersecurity hygiene with new hires: 

  • What training have you had on cybersecurity awareness and prevention? What level of training? How often did you receive training? Once? Once a year?
  • What would you do if you thought you clicked on a suspicious link or email? Would they report it immediately?
  • (If they work from home) What cybersecurity protections do you have on your computer, smart devices, or home network? What cyber risks might you face, based on your position within the firm? For administration or office functions, the risks may be phishing emails or suspicious website links. For IT functions, they may need a deeper understanding of the types of risks they may face.
  • Do you understand the severity of a cybersecurity breach for a firm in the financial advisory space? If they are new to the financial industry, are they aware of SEC cybersecurity regulations and fines?
  • Describe the cybersecurity protocols used at your last firm. 
  • Have you ever been the victim of a cybersecurity attack? What did you do? This is not to make them uncomfortable or accuse them of not being vigilant; the question is to understand the actions they took afterward and what they took away from that experience.