itSynergy: Blog
Why It’s Time for RIAs to Select a Cybersecurity Standard
Late March to early April was a tumultuous time. Registered investment advisors (RIAs) and financial firms scrambled to set up remote work IT solutions to stay in touch with clients and colleagues. The tight timeline for adopting new technologies didn’t allow for the vendor assessments, documentation, operating procedures and general best practices you rely on to maintain Securities and Exchange Commission (SEC) compliance. It’s time to get back on track.
Take inventory of what changed
We’re a few months into our “new normal” and tensions are easing. Turn it into an opportunity. Take a step back, look at what’s happened since the pandemic hit and close any security and compliance gaps created by rushing to set up remote work. Go back and review what you’ve done in the past 60 days. Ask and answer questions like:
- What new tools were adopted?
- Are people working over VPNs?
- How are we communicating with clients and trading desks?
Massive operational changes, like working from home, open the door to security and compliance vulnerabilities for your firm. The easiest way to mitigate the risks and prevent future vulnerabilities is to adopt a cybersecurity standard.
For RIAs, Compliance Isn’t Only About Fines or Playing Dodgeball with Auditors
Even though cybersecurity is regularly highlighted as an area the SEC will focus on during inspections, many RIAs say, “I’ll pay the fine” or “I won’t be audited.” Essentially, they’re playing dodgeball with the SEC compliance audits. But the stakes are higher than regulations and fees. Meeting industry regulations shows your clients you’re looking out for their best interests. Plus, the processes your IT partner implements to keep your firm compliant double as risk mitigation strategies.
If you’re hacked, it’s game over
Being compliant protects the value you have in your firm. You won’t be happy to pay a fine to an auditor, but you can probably afford it. A cyberattack will cost hundreds of thousands of dollars – a price too steep for most RIAs. An estimated 60% of businesses will close after an attack. Safeguard your firm now with a cybersecurity standard.
How to Maintain Your IT Compliance Standards in a Post-Pandemic World
COVID-19 unsettled life, changing where we work and how we communicate. To stay on track during the uncertainty, adopt a well-known compliance standard like:
- International Organization for Standardization (ISO): ISO/IEC 27032:2012
- Center for Internet Security (CIS)
- Control Objectives for Information and Related Technology (COBIT) 2019
- National Institute of Standards and Technology (NIST): Cybersecurity Framework
The Office of Compliance Inspections and Examinations (OCIE), the division of the SEC that conducts inspections, isn’t asking you to comply with every one of these standards. They want you to pick one and stick with it. Differences exist, but the standards overlap; each is a thorough, comprehensive set of guidelines for your firm. When you make your choice, look first at the costs. ISO and CIS require additional investment, and ISO also requires audits by a certified auditor.
Why itSynergy chose the NIST Cybersecurity Framework
When you want a low-risk investment, you pick a treasury bond because, unlike a corporate bond, it comes with the backing of the federal government. NIST is the treasury bond of compliance standards. We chose the NIST Cybersecurity Framework because the government will keep it updated and supported, making it a safe bet for our clients, and because it offers the path of least resistance for everyone.
NIST key points:
- Free and easily accessible
- Published by the federal government
- Referenced in OCIE publications
Outsourcing IT Simplifies Compliance and Cybersecurity
NIST is extremely detailed and technical. The time it would take a chief compliance officer or RIA to sift through each point and requirement is better spent serving clients. Technology professionals also have access to tools that financial firms and other businesses lack. Even straightforward tasks, like taking an inventory of your equipment, are faster for your IT partner. To list every piece of technology you own, you’d have to take stock of it physically; we use a tool that resides in your environment, and in a few clicks it gives you a full picture of your IT inventory.
At itSynergy, we’re ready to simplify your compliance, secure your firm and make your life easier. We have the expertise, tools and know-how to guide RIAs through complex IT requirements. Call us now to schedule a meeting and start your path towards a cyber standard: 602.297.2400