How to lock down your devices and protect your data: A device security checklist for RIA and financial advisory firms

How to lock down your devices and protect your data: A device security checklist for RIA and financial advisory firms

As technology becomes more and more ingrained in our professional lives, it’s more crucial than ever to secure the devices we use for work and the data they contain. This is especially true for registered investment advisors (RIAs) or financial advisors like you, who handle sensitive client data on a daily basis.

But securing devices doesn’t have to be complicated or time-consuming. By following a few simple steps, you can help ensure device security and data integrity that will keep you compliant with industry best practices and regulations.

Read on to learn what your RIA or financial advisory firm can do to lock down devices and protect data.

Device security checklist

Having a device security checklist is a great way to get started. Here are some measures that your advisors and staff should take to secure their devices, whether they’re laptops, smartphones, or tablets.

☐ Lock the screen when the device is not in use

A good number of people tend to forget to lock their screen when they step away from their computer for just a few minutes. Setting devices to automatically lock screens after a few minutes — 15, at most — of inactivity is a good way to make sure unauthorized users can’t access devices that are left unattended. Doing so effectively helps protect against data loss or theft.

☐ Do not install peer-to-peer software

Peer-to-peer (P2P) file sharing applications like eMule, Vuze, and uTorrent are a security risk, as they can be used to download and share content that can be potentially laced with malware. What’s more, P2P networks are often insecure, leaving users vulnerable to data breaches and other malicious attacks. That’s why it’s important to prohibit your employees from installing any P2P software or remove any existing P2P apps on their work devices.

☐ Use antivirus, anti-malware, and firewall applications

These security tools help protect devices from being infected with malware or hacked. An antivirus program detects and removes viruses, while an anti-malware software protects against malicious software like spyware, adware, Trojans, and more. Meanwhile, a firewall blocks unauthorized access to a device or network.

It’s prudent to install these three solutions on top of existing built-in security to implement multilayered protection. These security solutions should also be updated regularly to ensure they remain effective at protecting against the latest threats.

☐ Only use trusted Wi-Fi networks

Public Wi-Fi networks are convenient, but they also put your data at risk. That’s because these networks are often unencrypted, making it easy for cybercriminals to intercept data being transmitted over them.

When using public Wi-Fi, your employees should only access sites that use SSL/TLS encryption (i.e., site URLs prefixed by “https”) and avoid entering any sensitive information, like login credentials or credit card numbers. Better yet, instruct your employees to avoid using public Wi-Fi altogether and only use their device’s data plan when they’re out and about.

☐ Use a VPN

A virtual private network (VPN) encrypts all the traffic going to and from a device, making it much more difficult for cybercriminals to intercept data. This is especially important when you’re using Wi-Fi networks other than your home or office network, as a VPN adds an extra layer of protection.

Many VPNs also come with other security features like malware protection and ad blocking, which can be a big help in blocking unwanted content and keeping devices safe. And because there are thousands of VPN choices in the market, be sure to select one that’s reputable and has a good track record in terms of security and privacy.

Related reading: Does your RIA have a hybrid work environment? Make sure it’s secure

The importance of updating your software and devices

Besides ensuring that your employees are following best practices for device security, it’s important that your RIA or financial advisory firm has a robust update policy in place. This means ensuring that all devices are kept up to date with the latest software releases, security patches, and virus signatures.

In particular, your IT team or partner should do the following:

  • Take inventory of all software installed on work devices. Doing so allows them to track which software is outdated and needs to be updated, making it easier to identify and remove any unauthorized apps.
  • Constantly update antivirus and malware signatures. Outdated virus and malware signatures can leave devices susceptible to newer attacks. That’s why it’s important to have a system in place that automatically updates these signatures on a regular basis.
  • Push operating system and software updates or enable automatic updates. Many devices have the option to automatically install updates, which helps ensure that they are always running the latest software versions and security patches.
  • Regularly check device settings. Settings like password strength, autofill options, and location services can all impact the security of a device. By checking and updating these settings weekly if not daily, your IT team or partner can help ensure that your devices are as secure as possible.

While no cybersecurity strategy is impenetrable, following these best practices can help you create a strong defense against the most common cyberthreats. And by taking steps to secure your devices and data, you can help reduce the risk of a breach or data theft.

If you have any questions about device security or would like assistance implementing these best practices to help you protect your RIA or financial advisory firm’s data, RIA WorkSpace can help. Contact us today to learn more.