Most of us will be happy to see 2020 in the rear-view mirror. Despite the challenges, 2020 did provide some clarity for IT priorities moving into 2021. It shone light on some obvious shortcomings and reinforced the need for the average small or midsized RIA to stay on top of emerging technologies.
The good news is that technology really is an equalizer. There use to be a time when being a big firm meant you had access to technology that gave you the upper hand. That’s not the case anymore. What we like to refer to as “enterprise level” IT infrastructure and services is highly affordable and accessible even for a firm with only a handful of employees.
We’ve outlined three things (plus one bonus) that should be your big picture IT priorities in 2021. This isn’t a deep dive into the technology itself, just a high-level overview so you understand what’s out there, why it’s important for your RIA, and why you should be thinking bigger.
There is no reason to be limited by your network, security, or IT tools. In 2021 we encourage you to put the best of the best in place for your firm and get on with focusing on your clients and employees.
Clean up your remote work environment
Some RIAs had a smooth transition to working from home. Others didn’t. Regardless of how easy it was (or wasn’t), 2021 will be the time to step back, evaluate how it all went, and clean up the loose ends.
2021 is also the time to think about making a remote work environment a permanent option for employees. Some people thrive in that scenario, while others will be lining up at the door to get back to the office. Being able to offer options instead of an all-or-nothing setup keeps employees happy and might help you with recruitment and growth down the road.
The top 2 things you should be looking for:
1. Can employees use the apps, files, and data at home like they do in the office?
When you log into your computer at home, it should look and function exactly the same as it does in the office. There should be no additional logins or steps to get to the apps and data you need. In fact, if things are set up properly, logging into your network from any device should give you the exact same experience.
When you log into your computer at home, it should look and function exactly the same as it does in the office. There should be no additional logins or steps to get to the apps and data you need. In fact, if things are set up properly, logging into your network from any device should give you the exact same experience.
This can be managed with
- A full network inventory which documents every piece of hardware your RIA owns and should be a standard part of your IT documentation and updated continually.
- Two-factor authentication can be configured to require a second step confirming your employee’s identity on any unrecognized device before it’s allowed to access your network.
- Mobile device management can give you a lot of flexibility while also protecting your RIA. You can define what devices can access your network, what data can be accessed on those devices, and establish standards for employee owned devices that access your network.
Simplify but upgrade your collaboration tools
2020 likely put your collaboration tools to a big test. And now you know what got a passing grade and what didn’t. You may even have identified a few gaps that you didn’t know existed until everyone was forced to work from home.
For a lot of RIAs, they turned to 3rd party apps for internal chats, file sharing, and screen sharing to help employees stay connected and work collaboratively. In some cases, these apps work well and make life easier. In other cases, they don’t work well, don’t play nice with the rest of your system, or even threaten your security and compliance requirements.
The top 2 things you should be looking for:
1. What tools are employees using and how are they connecting to your network and data?
Think about every time you download an app on your phone. It asks for permissions to access things like your photos, contacts, files, location etc. Business apps aren’t a lot different.
Think about every time you download an app on your phone. It asks for permissions to access things like your photos, contacts, files, location etc. Business apps aren’t a lot different.
Every collaboration tool you use is going to require access to some part of your network. Whether its to send messages to clients or access files to share with colleagues, that app is connected to your data and your network. That’s why you shouldn’t be relying on mainstream, consumer-grade apps to run your business. Those apps aren’t built to meet the security requirements of an RIA. Plus, they might not integrate well with the other tools you’re using, and it might be very difficult to archive or audit activity on them.
This can be managed with
- Start with Microsoft. (Full disclosure, we’re big fans of Microsoft tools and platforms.) What you might not realize is that Microsoft has a full suite of collaboration tools that work in a familiar way to the other Microsoft tools you use every day, come with all the security Microsoft offers, and integrates with your other day-to-day apps. With your current Microsoft subscription, you have access to IM and chat, phone and video calls, and can work on shared files in real time through Microsoft Teams.
- Even if you don’t opt for the Microsoft tools, it’s a best practice to keep as many of these apps “under one roof” as they say. You don’t always get the best user experience when you use lots of different apps that work independently or require integrations. It can also result in some limitations or persistent problems that are difficult to resolve.
- Use advanced threat protection (ATP) to limit the apps accessing your network. Sometimes employees want to use the apps their familiar with, especially for things like messaging or chat. ATP tools let you limit what apps can access your data. So, even if employees download something like Facebook Messenger on their phone, it won’t be able to access anything on your network.
2. Can you meet compliance requirements for auditing and archiving activity on your collaboration tools?
The SEC has specific requirements for you to archive communications regardless of how it’s done. So, if you’re using IM tools for example to share information that needs to be archived, then you need to ensure that your apps will allow for that. And it’s not just about the SEC requirements, it’s a best practice for your RIA to be able to create a paper trail for all the communications and file editing your team does. For example, if there are files shared with staff in a OneDrive folder, can you tell for certain what the latest version is, who edited it, or who downloaded it? Do you have an official record of recommendations made to a client via your IM app? Are all these files archived for the right period of time with the right level of security?
The SEC has specific requirements for you to archive communications regardless of how it’s done. So, if you’re using IM tools for example to share information that needs to be archived, then you need to ensure that your apps will allow for that. And it’s not just about the SEC requirements, it’s a best practice for your RIA to be able to create a paper trail for all the communications and file editing your team does. For example, if there are files shared with staff in a OneDrive folder, can you tell for certain what the latest version is, who edited it, or who downloaded it? Do you have an official record of recommendations made to a client via your IM app? Are all these files archived for the right period of time with the right level of security?
Your archiving and data security go hand in hand. And it can be very complex. Some data is highly confidential and should have serious restrictions on how it’s used. Some data needs to be kept for an extended period in order to be compliant. There is a lot to manage when data is everywhere. However, it’s very possible to set up your network so this appears seamless to all your users.
This can be managed with
- Data archiving moves your data (including your emails) to a separate storage location once it is no longer required for day-to-day activities. Think of this as long-term storage. You still have access to it, but if it’s an email for example, it isn’t occupying space in your Inbox. As you archive the data, you can categorize it with tags and classifications which help you manage your data retention requirements. Be sure the apps you’re using for collaboration allow you to easily archive communications and retrieve them when necessary.
- Data auditing gives you the ability to manage and monitor the history of any specific piece of data. You can, for example see who has edited, copied, or downloaded a specific file. If the collaboration apps you’re using don’t allow for auditing and archiving data, you should be looking for another solution.
- Move from OneDrive to SharePoint to share files and folders across the firm. SharePoint gives you far more advanced security features and makes auditing and archiving your data easier. While both make use of Microsoft data centers and therefore have a high level of security, OneDrive overall is designed for more of an individual consumer experience. SharePoint is designed for enterprise scenarios and comes with higher permission controls, better audit log features, and much better data loss prevention features (see the next section to learn more about data loss prevention). Don’t let any bad past experiences with SharePoint turn you away. It’s a different product then it was several years ago, and you can continue to operate like you do today with SharePoint working for you in the background.
Move to enterprise-level security (it’s easier than you think)
As an RIA, you require a more complex IT security structure than an average business of the same size. You’re managing several millions in investments for your clients, and the average IT setup for a small or midsized business doesn’t cut it. Enterprise-level security should be your biggest priority for 2021 if you haven’t already gone down this path.
“Enterprise-level” does not mean expensive. In fact, security tools like those from Microsoft are highly accessible and affordable – they simply need to be configured properly for the needs of an RIA. The big thing is you need more than just antivirus and firewalls – the hackers have gotten far to sophisticated for you to rely on just that to protect you.
The top 2 things you should be looking for:
1. Can you prevent data loss?
Data loss happens in a lot of ways. Some of it is intentional, and some of it is accidental. Regardless, the results are the same and could be catastrophic. This is especially the case if the compromised data is private or sensitive in nature like social security numbers or banking information. Loss of this data could lose you clients and credibility and result in action from the SEC.
Data loss happens in a lot of ways. Some of it is intentional, and some of it is accidental. Regardless, the results are the same and could be catastrophic. This is especially the case if the compromised data is private or sensitive in nature like social security numbers or banking information. Loss of this data could lose you clients and credibility and result in action from the SEC.
This can be managed with
- Data loss prevention (DLP) tools are highly customizable and powerful tools that you should have in place at your RIA. Essentially, they let you identify sensitive information anywhere on your network – whether it’s in your email, in a SharePoint file, or shared in collaboration tools like Microsoft Teams. You work with your IT team to define what you consider sensitive information for your RIA. We’ve helped a lot of RIAs with this and there are a lot of common types of data – like social security numbers, banking information, employee personal files etc.
- Once you’ve defined the types of data you consider sensitive, DLP tools help you identify that data, monitor it, and automatically protect it. This includes the purposeful or accidental access of sensitive information. As an example, you could restrict any data that includes social security numbers from being shared, downloaded, copied, or printed.
2. Are you using the latest advanced threat protection tools?
Today’s threat are a mix of highly sophisticated attacks and old but effective tactics. One of the most fundamental things you can do, is train your employees to recognize things like phishing or websites with malware. However, it’s also important for you, as a business, to do as much as possible to limit the possibility of those employees making an honest mistake. Modern, advanced tools help you close the door to most of today’s threats.
Email is one of the most common ways for hackers to access your network. It’s often (but not always) in the form of a phishing scam, which asks a user to click a link that takes them to a site infested with malware. However, it’s also common for hackers to create very convincing emails that look like they’re legitimately from a colleague, requesting money to be forwarded to a specific bank account or perform activities that give the hacker access to their login credentials. Not all phishing scams have the tell-tale signs of bad grammar and spelling mistakes anymore. They’ve gotten better.
But it’s not enough to just safeguard your email. Every “endpoint” (as we discussed earlier) that has access to you network needs to be proactively managed against those same threats.
This can be managed with
- Advanced threat protection (ATP) for your email. Modern, cloud-based filtering for your email can protect you from the malware that we know about, but most importantly, can protect you against the malware we don’t know about. This is called “zero-day” protection and uses machine learning to identify the signs of something with malicious intent. If it triggers any of those signs, the email is routed to a special environment where it is analyzed further. If nothing is detected, you get the email as you normally would.
- ATP for email monitors attachments, links, and identifies phishing to help protect your RIA. It also has advanced reporting features so your IT team can closely monitor threats and trends for your organization. One of our recent blogs covers ATP for email in more detail if you want more information.
- Advanced threat protection (ATP) for all your endpoints. As we covered earlier, endpoints are all the various points at which someone can access your network. Think of all the computers, phones, and tablets used by your employees to do their work. ATP for endpoints works like ATP for email in that it uses advanced machine learning and behavioral signals to protect your entire network. Tools like this from companies like Microsoft use data from millions of end points on their servers to detect advanced threats early and make recommendations. This is the next-generation in cyber protection and includes tools that better equip your IT team if a breach were to happen.
BONUS for the early tech adopters – move to a cloud platform
Not to be confused with running your apps like Outlook and Excel in the cloud (aka a cloud workspace), a cloud platform separates your operating system, data, and apps from any local device. Everything is run on a remote server in the cloud. This has been around for a while but was complex, expensive, and didn’t always provide a good user experience. Today’s technology however makes it possible even for small or midsized RIAs.
A full cloud platform uses virtual machines (VM) which you can think of like a computer in your cloud-based server. These VMs run the operating system, deploy your apps, and store your data so the device you’re working on doesn’t have to. You can have multiple members of your team accessing a single VM to do their day-to-day activities instead of them relying on an operating system, apps, and data being available in their individual devices. The user experience is much the same as it would be for a cloud workspace.
Why would you want to go to a cloud platform like this?
- Today’s rendition of a virtual desktop is best suited for RIAs who want complete mobility. You want the exact same experience on every device no matter where you’re working from.
- If you’re running legacy apps, this is a good option because it can eliminate the need to migrate that app to a more current operating system.
- You can have multi-session VMs (more than one person using a VM) which means there can be cost savings because you only pay for what you need.
Setting IT priorities for 2021
IT changes constantly. It’s important your IT tools and infrastructure don’t sit still. Your IT team should be on top of the emerging technology that best suits your RIA. And as we said in the opening of this blog, there is very little technology out there that’s exclusively in reach of only those large enterprise. Your RIA can and should have the best the industry has to offer.
If you have questions about any of these priorities or want some advice on how to implement them in your own RIA, we’re happy to help. You can fill out the form on our Contact Us page to get started. Good luck with your IT priorities in 2021.