6 Step Cybersecurity Incident Response Plan for RIA Firms

Below, we discuss how advisory firms can act now to execute an effective cybersecurity incident response plan.

STEP 1 - Do not turn computer off

Do not have employees turn their computers off, but rather disconnect from the network.
This can be completed on a Windows computer by:

  • Clicking on the Start menu.
  • Clicking on “Settings.”
  • Selecting “Network Connections” in the Settings menu.
  • Right-clicking and selecting the “Disable“ option.

STEP 2 - Antivirus/anti-malware scan

Windows users should start a full system antivirus/anti-malware scan on the computer. Most antivirus programs will create an easy access icon in the Windows Desktop Tray (small icons by the clock on the taskbar), which can be used to quickly launch a scan.

Your employees should be comfortable launching these types of scans, and if not, regular IT trainings should take place. Mac users should consult with IT, as the proper steps depend on their specific operating system.

STEP 3 - Contact IT support

Contact IT support immediately. It is important employees share detailed information about their suspicions as soon as possible. IT should secure the exact time of the event (as close as possible), what was experienced, and any information/data which might have been entered into screens or used during the incident. This will ensure that the IT support team can help prevent further compromise.

STEP 4 - Capture correct information

Once the incident is in the hands of IT, have the employee review their notes and verify everything has been clearly and correctly notated. Employees can email the notes to themselves to keep a record of the incident, which should include:

  • The date and time of the incident.
  • What software was being used when the incident occurred.
  • If any files or email attachments were downloaded.
  • What information, if any, was entered into a web browser.
  • If a login occurred, what username and password were used. More importantly, is the same password used with any other accounts or logins.

STEP 5 - Update all passwords

If the employee logged in, ensure they update all passwords that are the same or similar to the password shared with the attackers. The same/similar passwords should never be reused, and now would be the time to change all those passwords and ensure they are each different.

STEP 6 - Report to management

Finally, ensure the incident is communicated with management as soon as possible. Proposed SEC regulations may create more stringent requirements for disclosure and record keeping regarding such attacks. The notes taken in steps three and four will be required for your organization to meet these requirements.

Additionally, RIAs can leverage technology to simplify the process for recording and reporting cyber attacks. A comprehensive solution will not only identify and protect your firm against cyber attacks, but also provide automated processes to streamline the required record keeping and reporting.