Top 10 Information Security Best Practices for Registered Investment Advisors

September 27, 2012

RIA Compliance Consultants recently hosted a webinar, "Establishing Information Security Programs for Registered Investment Advisors." During this webinar, our compliance consultant discussed the regulatory requirements for establishing an information security program and then went into a detailed discussion on how a registered investment advisor can establish an information security program that effectively protects its client data.

Based upon the discussions during our webinar, here are our top 10 information security best practices for an investment advisor:

  1. Limit the amount of personal information collected by your investment advisor to what is reasonably necessary;
  2. Limit internal access to client data to only the investment advisory staff persons required to know such information;
  3. Monitor the effectiveness of your investment advisor’s information security program and promptly fix any identified deficiencies;
  4. Encrypt and password protect all portable electronic devices, including smartphones;
  5. Keep physical client files locked up when not in use;
  6. Always encrypt data when transferring it or sending it to others;
  7. Secure and password protect wireless networks;
  8. Utilize and update firewalls, anti-malware and anti-virus protection for all computers that are used to access client data (including employees’ personal computers if they work from home);
  9. Ensure that vendors and service providers are protecting clients’ data; and
  10. Limit the information taken by terminated investment adviser representatives and brought in by new investment adviser representatives in accordance with applicable privacy policies and confidentiality agreements.

If you missed this webinar and would like more tips and best practices on establishing an effective information security program for your investment advisor, a recorded version is available on our website.

Posted by Bryan Hill
Labels: Compliance Program, Compliance Training, Information Security, Webinar