Protecting your data when a RIA departs the company


When employees leave, they are required to return all the company-issued items in their possession. These include all the data they had access to in the course of their tenure. This is especially important in the finance industry, as RIAs handle sensitive personal and financial data for their clients.

But not only should your organization make sure these files are returned intact, you should also ensure that departing RIAs are unable to copy and misuse company files.

Here are some important steps you should take so that business information remains uncompromised:

Enforce data policies

Data policies define how business data is handled before, during, and after any RIA’s tenure with your company. These are a documented set of guidelines that helps ensure all information assets are managed consistently and properly. It also dictates how your organization’s IT is configured. Your IT provider should already have configured your data system so that all documents and files adhere to the data policy automatically, so there’s no need to manually agree to every rule each time. Data policies are absolutely essential for RIA practices, as protecting your clients’ financial information is one of your most important responsibilities.

Develop policies and procedures that should be followed by RIAs who are parting ways with the organization. Your IT provider’s preparation is critical at this stage, but none of these exit policies will matter if proactive steps — such as laptop preconfigurations and device management tool installations — were not accomplished.

Aside from data policies, staff should also contain clauses about appropriate use of business information, company-issued devices, and other resources. For one, RIAs should be explicitly informed that any equipment and data that belongs to the company should not be compromised. Anyone departing the organization will need to surrender all company-owned devices and files before they will be allowed to exit.

Deploy role-based access

Maintaining the integrity of your information system requires being proactive. Access roles should be predetermined long before any employee is allowed to view and/or edit client and organizational data. Have your IT partner deploy role-based access control (RBAC) throughout your organization so that employees only gain access to files that they are authorized to view or change.

RBAC can also be set to allow temporary access to certain files, making it not only a tool for security, but also for facilitating efficient task completion. And because RBAC tools on modern enterprise software like Microsoft Azure can be automated, they can help reduce administrative and IT work and improve compliance in one fell swoop.

Related article: Microsoft Data Loss Prevention Tools for RIAs

Prevent data loss

Data loss comes in many shapes and forms. Including the potential that an exiting employee takes information with them when they leave. They may try to download, print, or email the information in order to have it available once they are no longer employed by you. This is why a thoroughly-configured data policy is critical to protection. Also, using tools like Microsoft Data Loss Prevention (DLP) will make sure your data policy is automatically enforced, eliminating the need for tedious, manual monitoring.

For instance, Microsoft DLP can be configured to block access to files when an unauthorized user tries to access them. Or if an employee attempts to send emails containing restricted files, DLP can block the email and inform a compliance officer or manager of the attempt. Audits can also be done so that managers can check how files are handled by the people who access them. Audit reports can also be compiled to document email conversation flows and more.

Lock down devices

Lastly, make sure your RIAs’ devices are configured so that your IT provider can lock them down when necessary. Not all employee departures are amicable, so it would be wise to install programs and apps like Microsoft Intune, which will let your IT administrators remotely wipe or retire laptops when necessary. Installation and configuration of such apps can be mandatorily applied through your data policy, even if your company allows employees to bring their own devices.

Related article: Bring your own device policy template

Upholding the integrity of your business data should be your utmost priority. Doing so will put your clients at ease and help solidify your reputation as a trusted RIA practice. Protect your sensitive data with RIA Workspace’s RIA-specialized technologies. Contact us today to learn about our services.