Why Registered Investment Advisors Need an Incident Response Plan
Registered Investment Advisors (RIAs) know their work depends on compliance with SEC requirements, and cybersecurity threats are an increasing concern for them. Keeping your clients’ sensitive data safe should be your top priority. Having a well-executed incident response plan (IRP) can minimize breach impact, reduce fines, decrease negative press and help you get back to business more quickly.
The ‘Why’ of IRP
If you’re not familiar with the term incident response plan, it’s simply a plan that outlines actions to be taken in case of a cybersecurity breach. It identifies the incident response team and their roles in getting things back to business as usual as quickly as possible.
With so many moving compliance pieces and parts for RIAs, it can be overwhelming to try to recover from a breach, such as a business email compromise, on your own. An IRP, as well as cyber insurance, can provide tremendous resources to help you recover – from a mail house to notify customers of the breach to an investor relations firm that can help manage your brand reputation and keep it from being damaged.
RIAs are subject to multi-state breach laws and compliance requirements that can be far more than you can handle on your own without an IRP.
Let me be clear: An IRP is not the same thing as a disaster recovery plan, though it should be part of one. Where an IRP deals specifically with the incident response team’s roles, the disaster recovery plan lays out how your IT systems will get back up and running.
The Phases of an IRP
In developing your IRP, you must first choose a compliance standard. The following phases are based on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework.
Start by identifying everything that could be impacted by a breach, including all physical and software assets, as well as the roles involved in your business environment, risks and threats.
Protect assets by managing who has access, securing your data and building awareness of how breaches happen.
Set up monitoring tools and processes to detect anomalies.
Respond to incidents by analyzing the situation, mitigating the damage and making improvements to prevent future issues.
Recover from an incident by recovering any lost data, communicating to your staff how it could have been prevented, and making improvements to strengthen your system against issues in the future.
Components of a Smart IRP
The following are necessary components for your incident response plan that can ensure that, if and when you need to execute the plan, it’s sitting on a shelf (so to speak), ready to go.
- Emergency contact/communications list
- System backup and recovery processes list
- Incident Response Team designation and role definition
- “Grab and go” do-immediately list
- Internal communication plan
How to Get Started
First, don’t reinvent the wheel. There are trade associations that can provide you with a template IRP to start with. Make sure you modify it to fit your organization’s specific needs. Your business practices need to match what your written documentation says, so to be compliant, make sure the two align.
Next, run a “tabletop exercise” where you test your plan to see how it would be executed in an actual incident. Document the test, including who was involved, what worked and what didn’t.
Review your IRP at least annually and be able to provide records of review and changes should you be asked by your compliance organization for the documentation.
At itSynergy, we help RIAs customize, test and refine their IRPs. We’ll work with you to document the plan that’s right for your business. Call us today at 602.297.2400 or send a message online.