Cybersecurity For RIA Firms
A Cybersecurity Risk Assessment: RIA Firms
Cybersecurity is the number one most serious issue that needs to be acknowledged and addressed at every firm no matter of size. Undertaking an internal assessment of client & sensitive information, safeguarding procedures and ensuring they are sufficient in protecting your clients and your firm is a very challenging undertaking. Cybersecurity is challenging and the is currently ongoing with a focus on analyzing the current approaches to managing these security threats firms are taking on their own. The threats posed will continue to grow and develop. The main concern and focus for every firm should be the integrity of their current infrastructure and the safe keeping of sensitive customer data.
Aurora offers a comprehensive solution to help assess and evaluate internal controls and identify potential risks to the firm and then prioritizing those risks. Aurora is a company that knows and recognizes the importance of a structured and customized approach for each and every firm. Aurora can help your firm in identifying weak and vulnerable areas of your firm. When analyzing your firm you will want to focus on current operational structure and capabilities, IT supervision, structure and systems, securing sensitive information and the current readiness in handling of a potential breach or system malfunction.
“Aurora’s Cybersecurity Risk Assessment” consists of the following:
- Review the firm’s current risk assessment procedures to determine if the current methods utilized are sufficient enough to identify both cyber and non-cyber security threats.
- Review the firms written policies and procedures to determine if they are currently addressing data security risks and threats.
- Review past and current testing procedures regarding data security.
- Verify that the certifications currently held by the firm and its vendors with access to confidential and/or personally identifiable nonpublic information. (examples include: ISO, ISAE, SSAE, SOC, TIA)
- Vendor reviews will be conducted by Aurora independently. Aurora will contact current vendors to obtain documentation that each said vendor has their own cybersecurity structure and safeguards in place.
- Review current procedures in detecting and the reaction to a cybersecurity breach.
- Review the most recent SEC document requests with appropriate IT personnel to determine that all information and documentation requests can be produced in a timely manner.
- Review the findings and the potential solutions needed in Aurora’s comprehensive after action report and review with the “CCO” and “COO” of the organization.