At my house, spring is a time for reflection on renewal and rebirth, but also for cleaning. Whether taking a turn on yard work or getting that winter-time stale air out, there’s a lot to do. As it turns out, cyber-security is the same.
Where to Start?
If you’re like me, I didn’t quite get everything done last fall and now there’s even more to do now. Before my lovely spouse helps by giving me direction, I make my own list. For an investment advisor, spring is a good time to also get some priorities set for protecting your client data. But where to start? The answer is to conduct a risk assessment. This is the process of looking at the most likely threats to your and your clients’ data, your security practices that guard against that risk, and the probability of it happening. Like me, you probably don’t have a family plan for an asteroid striking earth, but you do know what to do for a car accident. The same is true for cyber-security: focus on the biggest, and most likely risks. This will help you prioritize what steps should be taken first and any investment you might need to make.
I love my fireplace, but it makes a mess. Every spring we cringe to see the soot our cozy fire has left us. Spring is time to get rid of that dust and so it is with most advisors’ dustiest cyber-security tool: their policies and business continuity plans. You have to shake off the dust and give them a look. It’s a best practice to annually review your documents, train or retrain your partners and staff, and consider whether these policies are sufficient. If you’ve done a risk assessment before hand, you will have some insight on whether and where improvements can be made. It can also remind you that the template you downloaded from the internet and slapped your logo on might be a little risky, particularly if you aren’t sure what all that gobbledygook means. It is always best to customize your policies and plans, to adopt best practices and more importantly, include the practices that you are really able to do.
Go Tool Shopping!
I must admit, the best part of spring-cleaning is getting that new tool I really couldn’t live without. The challenge is that this tool lust can sometimes leave me with an industrial air compressor to inflate my kiddos’ basketballs. As advisors get their tools in order for cyber-security, it’s particularly important to look carefully at what you have and what you need. Keeping your cyber-security tools updated is akin to making sure the hedge clippers are still sharp; however sometimes, you have to replace your cyber-security tools just like your hedge clippers when there is no longer any metal to sharpen. Make sure your security tools do the things you need (the risk assessment helps there), are industry leading, and, most importantly, that you know how to use them.
Get Real – We Hate Yardwork.
I’ve become self-aware later in life: I actually hate to do yard work, and dusting especially. I’d much rather get my clubs out and make sure I know where the water skis are. I’ll still go tool shopping, of course, but that’s just for emergencies. To get and keep that good-looking yard, it’s often best to go with a service. Cyber-security is no different. Finding a pro to help you complete a risk assessment, get your policies and plans aligned to best practices and customized to your firm, and make sure the security tools you have are properly sized, implemented and even monitored for you is smart money. Time spent on getting your cyber-security house in order is time you’re not servicing or finding new clients. And like spending more time with the family on the weekend, your clients will appreciate that you have a sound cyber-security program in place.
Ande Smith is the founder of RIA CyberGuard, a firm that specializes in bringing cyber-security and business continuity to RIA and independent advisor firms. He has over 20 years of cyber-security and regulatory compliance experience. If interested in learning how RIA CyberGuard can help your firm, he can be reached at or 844.226.7109.