- Make an internal policy for data retention – Define how long data should be kept, which can reduce the impact of a breach and cut data storage costs.
- Provide security awareness training for employees and contractors – Provide basic cybersecurity education to help identify and defend against various cyberthreats.
- Conduct phishing awareness training – Test users’ ability to identify phishing emails and other social engineering attacks.
- Have a clean desk policy – Ensure the confidentiality, integrity, and availability of any data that may be found at an employee’s workstation.
- Implement a visitor program – Safeguard against unauthorized access to the premises, systems, and data.
- Identify digital assets – Taking inventory of assets and vulnerabilities allows for proper and regular monitoring and assessment.
- Deploy multifactor authentication (MFA) – Add an extra layer of security by requiring more than one method of authentication.
- Use a virtual private network (VPN) – Encrypt data in transit, providing a secure connection between devices.
- Secure Wi-Fi/wireless networking – Employ best practices to protect Wi-Fi networks and critical business systems from unauthorized access and use.
- Deploy a secure email gateway (SEG) – Use multiple layers of security to protect email systems from malware, phishing, and other email-based attacks.
- Conduct a system audit – Log and review network traffic and user activity to detect and investigate potential or ongoing attacks.
- Configure backup solutions – Ensure the recovery of critical business information in the event of a system failure or data loss.
- Test backup solutions – Verify that backups can be properly restored in an emergency.
- Enable domain name system (DNS) and content filtering – Block malicious websites and content to help protect against malware and other threats.
- Deploy an endpoint detection and response (EDR) solution – Continuously monitor devices for suspicious activity and provide visibility into attacks.
- Implement a security incident and event management (SIEM) system – Collect and analyze data from various network devices to help identify, investigate, and respond to cybersecurity incidents.
- Clean up all unused programs on all systems – Improve performance and help reduce the number of potential entry points for hackers.
- Use group policies and active directory – Centrally manage user accounts, policies, and permissions.
- Secure endpoint configurations – Properly configuring security settings on endpoint devices strengthens the security posture of the entire network while maintaining reasonable user efficiency.
- Implement perimeter security – Protect the network by controlling traffic flows and identifying and filtering malicious traffic.
- Develop a patch management plan – Automatically identify, install, and verify software and/or firmware updates.
- Monitor and track behavior in cloud apps – Detect abnormal or unauthorized user activity in cloud-based apps like Microsoft 365 and Azure AD.
- Define a vulnerability analysis and resolution strategy – Strategically identify, prioritize, and remediate cybersecurity vulnerabilities across the organization.
- Create a vulnerability management program – Manage software vulnerabilities throughout their life cycle, from identification to remediation, to help reduce the risk of exploitation.
- Develop an incident response policy – Provide guidance on how to handle cybersecurity incidents and help ensure a coordinated, efficient response.
- Establish incident response procedures – Outline the steps to be taken during a cybersecurity incident, from initial detection through post-incident analysis.
- Assign incident response roles and responsibilities – Delegate tasks and set expectations for key stakeholders during a cybersecurity incident.
If your RIA or financial advisory firm is using Microsoft products and services, you’re already ahead of the game when it comes to cybersecurity. The Microsoft platform has built-in security features and capabilities that can help RIAs protect their data and systems. However, it’s important to note that these features must be properly configured for you to check many of these cybersecurity items off the list.
If you’re not using Microsoft products and services, don’t worry. There are still many things you can do to help improve your cybersecurity posture. Our experts at RIA WorkSpace will be happy to help you assess your cybersecurity needs and make recommendations on how to best protect your RIA or financial advisory firm. Request a quote to get started.