Today, we announced the official release of our new registered investment adviser (“RIA”) cybersecurity platform. As cybersecurity continues to be a top regulatory priority, the new MyRIACompliance cybersecurity platform empowers an RIA firm to efficiently construct, implement, and document a robust cybersecurity compliance program with a single solution. The proprietary platform is designed exclusively for RIA firms of all sizes who face unique people, technology, and third-party vendor cybersecurity risks and regulatory requirements. The platform is built upon the National Institute of Standards and Technology (“NIST”) information security framework and provides security awareness training, email phishing attack simulation, technology inventory and risk assessment, as well as the ability to build a customized information security policy.
How We Empower Your Employees to be Your Firm’s Greatest Cybersecurity Defense
Security Awareness Training
The platform features proprietary online security training videos for your firm’s Chief Compliance Officer (“CCO”) and all staff members. For the CCO, this training includes updates on the regulatory guidance and risk alerts as well as an overview of the NIST cybersecurity framework. For employees, topics include email phishing, ransomware, and best practices while traveling.
The training module also bundles detailed testing and tracking in order to document and demonstrate the implementation of your firm’s training program.
Email Phishing Attack Simulation
In addition to educating your firm’s staff on how to prevent email phishing cyber attacks, our platform also includes automated phishing email attack simulations. Our platform will automatically send test phishing emails to your firm’s staff to gauge your firm’s current level of awareness and readiness.
Your firm’s CCO will be able to view real-time results showing which staff members may have opened or clicked on a phishing test email. All of these results are documented and logged to further demonstrate the implementation of your firm’s cybersecurity program.
Vendor Due Diligence
The platform’s automated vendor due diligence tool empowers your firm to do all of the following digitally through the platform:
- Perform proper due diligence before selecting a vendor
- Perform proper ongoing vendor due diligence reviews
- Conduct a regular vendor risk assessment
- Review the vendor’s information security documents
- Review the vendor’s business continuity plan
Employee and Technology Risk Inventory and Assessment
Before implementing an RIA cybersecurity compliance program, your firm first needs to step back and properly inventory all the technology systems used by your firm which may contain sensitive client information and also understand what level of access each staff member has to each system. The platform’s automated workflows help you properly establish and track system access and controls and also ensure that a departed employee’s access to technology systems is promptly terminated.
Customized Written Information Security Policy Creation and Updates
The platform also includes access to a redesigned written information security policy built upon the five pillars of the NIST cybersecurity framework: identify, protect, detect, respond, and recover. The manual is regularly updated to encompass the latest regulatory guidance and industry best practices. The platform also manages the digital distribution and attestation of the policy to all staff members.
The cybersecurity platform is available as a standalone platform or can be added to a traditional MyRIACompliance subscription.