Here’s an exercise every registered investment advisor (RIA) firm should walk through. It’s 3 a.m. A malicious actor creates an admin account and launches an attack on your firm. You won’t come out unscathed in any of the options, but the degree of damage will depend on the response of your IT support team.
3 Ways a Cyberattack Could Unfold
Scenario 1: Unmitigated disaster
- 3 a.m. – The attack is launched and remains unnoticed for months. The criminal has free rein over your data.
Scenario 2: Too little, too late
- 3 a.m. – An alert is generated and is sent to your IT team (internal or external).
- 9 a.m. – When your tech team starts their day, they notice the alert and the damage caused by 6 hours of unfettered access to your company data and client files.
Scenario 3: Rapid response
- 3 a.m. – An alert is generated and is sent to your outsourced IT provider who immediately responds.
- 3 a.m. to 5 a.m. – Your IT partner actively battles the threat.
- 5 a.m. – Your internal IT director is brought into the situation and is briefed on what’s happening.
- 7 a.m. – Your insurance company is engaged.
- 8 a.m. – The system is cut off from the outside world, preventing the criminal from accessing any other files in your system.
Did you pick option three? We thought so
The clear choice is the third option, where damage is significantly decreased because an experienced outsourced IT provider pounces on the threat, locks down your system and carries out your incident response plan.
Unfortunately, your current IT team might not offer that level of support
Help-desk-only and basic support packages won’t give you 24/7 threat response services. Even if you don’t think you’ll be hacked (although you are definitely a target), going with the most basic IT support will harm your firm in more day-to-day ways.
Beyond Cyberattacks: IT Support Can Boost the Health of Your RIA Firm
An IT team with a reservoir of experience does more than pounce on cyberattacks. Outsourced IT providers employ individuals with a variety of backgrounds. Collectively, they bring decades of experience to their clients. This knowledge can and should be used by your organization for more than cybersecurity.
Consistent strategic business planning
Too often, when a provider promises strategic IT guidance, it means they’ll come to your business for a half-day meeting once a year. This is inadequate for tackling strategic questions like:
- How do we get the data we need to make good decisions?
- Do we have an infrastructure in place to support growth?
- Can we consolidate our systems, increase efficiency and do more with less?
How we make the right recommendations for your firm
The path to growth for one company could involve automating tasks in their CRM software so employees have more time to work directly with clients. Another may want to improve connectivity in Microsoft Teams so every employee can reliably work remotely. Gaining a deep understanding of your environment and business is the only way we can tailor recommendations for you and your employees.
Does Your Provider Understand Financial Industry Nuances?
If your provider lacks an understanding of financial industry regulations, they could accidentally make a choice that results in a fine for your firm, or worse. You know a severe violation could send you to jail. The stakes are high. Don’t spend your time second-guessing what your provider does on your behalf. Find a partner with proven cybersecurity and financial industry experience.
Do this before you sign a contract
Test what your potential IT partner knows about your industry and strict federal regulations before you agree to work together. Start by asking:
- What measures they’ll take to meet OCIE guidance about cybersecurity
- How they’ll update your hardware and software when new OCIE memos are released
- Which industry publications they read
- If they’ve undergone training, certification or continuing education related to financial services
Where Will Your Firm Be 18 Months After Picking an IT Provider?
Fast-forward 18 months after you sign a contract with a provider. Will you be thinking you made the right decision? Or will you look back on the preceding year and see a jumble of missteps, broken technology and constant headaches?
Outsourcing IT is supposed to remove the burden of technology from your firm
It won’t happen if you’re forced to update your provider every time OCIE releases a memo. Your partner should act of their own accord to keep you compliant when the regulatory body updates its stance on an IT-related issue, like network attached storage devices.
If you had an internal IT team, you’d expect them to know this
If you employed a team of IT professionals, you’d expect them to blend IT expertise and familiarity with the financial industry. We don’t think you should forfeit this knowledge combination just because you’re outsourcing your IT. That’s why I became an Investment Adviser Certified Compliance Professional® and a certified ethical hacker. Our clients can think less about IT and are confident we won’t hamstring their firm with decisions that are contrary to current regulations or cybersecurity best practices.
Elevate Your Firm with Support from itSynergy
Whether you want a partner who will go toe-to-toe with a criminal at 3 a.m. or a strategic advisor who shows up at 3 p.m. to review your latest business plan, we can help. Let’s talk about the ways you can use technology to elevate your firm past your competitors. Call us today: https://itsynergy.com/contact-us/