Another major area of risk to your firm is your email provider. Do you use Outlook®, Gmail®, AOL® or a similar provider for your email? In my humble opinion, this is a MAJOR, not minor, mistake. No offense intended to those fine companies. However, you cannot afford to be careless about your email provider as the owner of an RIA firm. Do you understand what DMARC, SPF and DKIM are as they relate to email? If not, then you need to get real familiar with these abbreviations and what they do. Personally, I use Zoho® Mail for email because of DMARC, SPF, DKIM and their Administration rights, including Spam Control. With Zoho®, you can read all emails from unfamiliar email addresses WITHOUT any risk to your firm. Zoho® Mail's Spam Control allows you to look inside any email that goes to your Spam Control Quarantine box and read it as a text file to see what is in it. Reading it as a text file means that no executable ransomware or other malicious code can infect your system.
If an email is spam, then you can block it FOREVER in several ways. You can block specific email addresses (emails from Nigeria wanting to send you $10,000,000), you can block specific domains (.shop, .info, .biz), you can block top-level domains like .ru (Russia) and .cn (China), and you can even block IP addresses (0.0.0.0). This takes some management and a little knowledge about how to set it up in your web site's domain manager, but once it is set up, you will be able to block unwanted emails and they will never be seen again. Of course, if you accidentally block an email or domain, then you can unblock it, but most of the time, once you get the hang of it, it is quite easy to manage. When you consider all the junk mail that you probably receive every day, wouldn't it be nice to eliminate a lot of these scam emails once and for all? Most other email clients are very weak at stopping spam and protecting your firm. I would get far away from these types of email clients if I were you.
Here is another reason to use Zoho® Mail. You may think that all you have to do is click on the "unsubscribe" button and then you will get rid of those emails. However, this is another area that you and your employees have to be very careful about. A lot of these scammers are embedding links to their malicious code in the "unsubscribe" button. Did you know that? Therefore, it is better to block those emails via the Zoho® Mail Spam Control area. This way you are eliminating this risk. You need to train your employees so they DO NOT automatically hit "unsubscribe".
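To make the last three points concrete (reading a message as text, block rules, and checking where "unsubscribe" really points), here is an added example that is not part of the original article and is not Zoho® code. The block rules, the sample message and the `triage` function name are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed block rules (assumptions for illustration, not a real configuration).
BLOCKED_ADDRESSES = {"prince@payout.example"}
BLOCKED_DOMAINS = {"bulk-mailer.example"}
BLOCKED_TLDS = {"shop", "info", "biz", "ru", "cn"}

# Constructed sample message, as the raw text a quarantine viewer would display.
SAMPLE = """\
From: "Weekly Deals" <news@constructed-sender.shop>
To: advisor@ria-firm.example
Subject: Last chance
Authentication-Results: mx.ria-firm.example; spf=fail; dkim=none; dmarc=fail
List-Unsubscribe: <http://track.click-now.example/u?id=42>
Content-Type: text/html

<p>Big savings!</p><a href="http://dl.click-now.example/update.exe">Unsubscribe</a>
"""

def triage(raw):
    """Inspect a message as text only: nothing is rendered, opened or fetched."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    tld = domain.rpartition(".")[2]
    # SPF, DKIM and DMARC verdicts recorded by the receiving mail server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    # Where the unsubscribe header and the visible "Unsubscribe" link really point.
    links = re.findall(r"<(https?://[^>]+)>", msg.get("List-Unsubscribe", ""))
    links += re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>[^<]*unsubscribe', raw, re.I)
    hosts = [urlparse(u).hostname or "" for u in links]
    reasons = []
    if sender in BLOCKED_ADDRESSES:
        reasons.append(f"address {sender} is blocked")
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        reasons.append(f"domain {domain} is blocked")
    if tld in BLOCKED_TLDS:
        reasons.append(f"tld .{tld} is blocked")
    if auth.get("dmarc") == "fail":
        reasons.append("DMARC failed")
    # A different host is common with mailing services, so treat this as a
    # prompt to review before anyone clicks, not as proof of malice.
    if any(h != domain and not h.endswith("." + domain) for h in hosts):
        reasons.append("unsubscribe link leaves the sender's domain")
    return {"sender": sender, "auth": auth, "unsubscribe_hosts": hosts, "reasons": reasons}

if __name__ == "__main__":
    print(triage(SAMPLE))
```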
My firm recommends Zoho® Mail, but does not have any relationship with them other than being a happy customer.
If email is the primary way for scammers to penetrate your firm, then doesn't it make sense to have the best firewall setup to stop them? You cannot take the chance of having employees, or yourself, click "unsubscribe" buttons. You have to be overly vigilant, because the information that you have on your computers and devices should never fall into the wrong hands.
We recommend that a Cybersecurity disclosure be included in your Investment Advisory Agreement, because scammers will never stop and you have to disclose the fact that you have systems in place to protect your clients. Further, you have to realize that most clients do not have high-tech, high-dollar computer and email systems. Therefore, they are ripe for scammers. Depending on the systems that you have in place or plan on purchasing, you can likely have a Client Vault or Web Portal where you can share confidential information with your clients and avoid email altogether. That is another one of those business model decisions for you.