WEALTHTECH INSIDER: Three Steps to Help Protect Your RIA from Data Breaches


Orion Advisor Solutions

Large-scale data security breaches grab headlines every day, exposing businesses and their clients to grievous costs and potential liabilities. In the first half of 2021 alone, more than 1,700 data breaches exposed about 18.8 billion records. Beyond the financial repercussions of these events, and potentially more significant, is the damage to the reputations of the companies involved. Consider how confident you would feel about such a company holding your private information.

How do these breaches happen? And what steps can you take to protect your practice and your reputation from these types of events? Cybercriminals generally compromise business systems in one of two ways: either by exploiting known technical vulnerabilities within the targeted system, or by manipulating individual employees who have access to the system into handing over their credentials.

The overwhelming majority of system vulnerabilities can be eliminated simply by keeping systems patched and updated promptly.

Attacks against individuals are much more difficult to detect and prevent. The most common of these attacks is phishing: the use of cleverly disguised emails designed to trick individuals into providing their credentials. How common? A recent survey of 500 IT leaders and 3,000 employees across the financial services industry, health care, and legal sectors found that 73% of organizations have suffered data breaches caused by phishing attacks in the past year.

Here are some steps advisors can take to protect themselves and their clients from data breaches.


Maintain frequent verbal communications with clients, especially if you notice suspicious client-generated requests or activity. If you see that your client spent a quarter of a million dollars on a down payment for a summer mansion – especially if they have not breathed a word of an expensive new home as a financial goal – check in with them. People appreciate a proactive, early warning much more than a nasty surprise on their financial statements.

Be Aware of Phishing Attempts

Phishing attempts have become more and more elaborate in recent years. While modern email and digital communication platforms use filters to flag potentially suspicious messages, they are not foolproof. These rules of thumb will greatly decrease your chances of falling prey to phishing.

• Be suspicious of links in messages; rather than trusting a link in an email, type the URL you already know into your web browser.

• Have procedures in place to verbally verify client identity and transaction information (account numbers, amounts, etc.), using contact details already on file rather than any supplied in the message itself.

• Ensure everyone understands how to recognize phishing attempts and is always on the alert for them.

• Employees should have a clear understanding of how to respond to, and report, any suspicious activity.

Update Your Systems and Ask Questions

Keeping your systems up to date means installing all patches and updates as soon as they are available. Do not access client accounts using public or shared computers. The need for up-to-date software has only become more crucial as remote work and “hybrid” offices increase our reliance on digital platforms and communication.

Finally, advisors should vet their investment managers and vendors carefully. Don’t hesitate to ask questions: you need to know how your partners are protecting client data, and whether that data is stored offshore in a way that complicates potential liability. You should also ask about any major data breaches they have faced, how those were handled, and what changes resulted from them.

Cybersecurity is a constantly changing field, and it can feel overwhelming to try to stay on top of the latest threats. But proactive communication and common-sense questions will go a long way toward protecting your business and the livelihoods of the clients you serve.