June 7, 2019

Investment Advisor Cybersecurity: 16 Must-Know Recommendations

by: Align


When it comes to risk management and cybersecurity, Registered Investment Advisors (RIAs) can never be too prepared.

In today's post, we've outlined sixteen (16) of the top security tips to help your firm maintain compliance with regulatory guidelines and safeguard your business from internal and external threats.

16 Cyber Security Tips for RIAs

1. Perform extensive penetration tests regularly. Pen tests help RIAs identify any weaknesses in their infrastructure before they lead to a data breach or other cybersecurity-related incident.

2. To meet the Securities and Exchange Commission's (SEC) requirements, it is imperative that investment advisors conduct IT security assessments and evaluate cybersecurity across external and internal threats, cybersecurity manuals, security procedures, how critical business data is stored and more.

3. Advanced security awareness training is essential for registered investment advisors to build an intelligent, internal first line of cyber defense and improve employee security habits. 

4. Documenting your organization's approach to cybersecurity is critical for demonstrating to regulatory bodies, such as the SEC, the proactive measures that your firm has taken to protect confidential information, sensitive business data, clients and employees.

5. Conduct a full vulnerability diagnosis of your entire IT infrastructure regularly. Performing continuous scans allows RIAs to detect vulnerabilities faster, decreasing overall risk exposure.

6. To comply with SEC requirements, it is crucial that firms learn about cyber security, as well as understand the current threat landscape and why risk management is vital to their companies.

7. Employ a Cybersecurity Advisory Practice. Leveraging the expertise, support and comprehensive solutions of a trusted IT partner can help your firm satisfy regulators, encourage investors and empower employees. 

8. Create cybersecurity documentation that covers your firms operating model, cybersecurity procedures, security program, governance, insurance and more.

9. Enforce an IT security policy that prohibits sharing passwords. Password sharing among employees is one of the most significant security issues businesses face today. 

10. Cyber Security Awareness programs should be in-depth and cover phishing techniques, best practices to identify and avoid email scans, processes for reporting cyber-related issues, malware, social engineering and more. Cybercriminals and hackers prey on human error so you'll want to ensure your training modules don't miss a beat. 

11. Investment advisors must leverage the knowledge surrounding emerging threats, common attack vectors and prevention techniques to instill security best practices company-wide.

12. If your company works with a Cybersecurity Provider, that partner should assess the information, draw conclusions and form appropriate remediation recommendations to safeguard your business.

13. Implement advanced network monitoring. Monitoring traffic is necessary for pinpointing anomalous behavior and protecting your environment. 

14. Develop a robust cybersecurity strategy. Cybersecurity programs should be thorough and specific to the investment advisor's risk profile. Furthermore, this strategy should meet your firm's unique needs, remain practical and be able to prevent, detect and respond to cyber threats swiftly and effectively.

15. It is critical that investment firms absorb the actionable data produced from pen tests as firms can make better-informed business decisions concerning risk mitigation.

16. Implement robust security controls and educate employees on proper protocol.

As hedge funds and asset managers prepare for the post-Covid-19 world, firms should consider evaluating their cyber security posture, IT infrastructure and more. Click on the buttons below for further guidance provided in our two-part series on post-coronavirus business continuity. 

Access Part 1 Here Access Part 2 Here


Contact one of our cybersecurity experts by clicking here or on the button below. 

Contact Us ➜

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC