There are many reasons your RIA website could go down.
No matter what the issue is, you need to be ready to respond.
When your website isn't loading, it can be a scary moment. In most cases, the incident catches you off guard and you're unsure where to begin. Was the page hacked or infested with malware?
Whatever the case may be, and there are many reasons why a site goes down, you need to know how to solve the problem. There's nothing worse than recognizing a problem but not knowing how it happened or how to fix it.
Cyberthreats are nothing new in the investing and finance space. The financial industry had the third-highest number of cyberattacks in 2019, when compared with other industries. And in one survey, 26% of family office executives said their firms had suffered from a cyberattack.
However you identify your organization, you fall under the large umbrella of financial services, so you are at risk.
In the unfortunate case your RIA website goes down, we have provided a few tips on what you can do.
If you used a website developer to create the site, let that person know immediately.
In the case of removing malicious files, the developer should know how to get rid of that bad data, without harming website code that otherwise keeps the page running.
The challenge you might face is your developer's availability. If it's an in-house resource, the problem can be fixed relatively quickly. But if the developer is third party and serves multiple clients, response times could be delayed.
If you have a website manager, let them know, too. Even if they don't have the ability to fix the problem, they will coordinate with those that can.
When the site is down, you may find the website login URL doesn't work. In that case, go straight to your account with the domain and/or hosting provider. Log in and see if there are any recent alerts/notifications.
If suspicious activity is occurring, be it a number of login attempts from an unrecognized IP address or detected malware, the hosting provider will likely take the site offline until the bad files have been removed or new security measures have been implemented.
Perhaps you are the de facto site manager and/or developer. If the issue is too much for you, see if the domain or hosting services providers can help. Maybe there's an additional fee, but given the importance of your site, the cost of inaction or delayed action could be much higher.
Again, immediate response times are no guarantee. Service providers have a ticketing system for their tech support, and it may be several hours before you get a reply. If they have additional questions for you or you have more for them, it could be another few hours before their next response.
But who knows? There might not be an actual cyberthreat. It could be that there's an expired card on file or the domain itself has expired. In any case, update the information on file so you don't lose your domain.
Be transparent. If your clients rely on your website to access their investment portfolios and other resources, let them know right away.
To the extent you can:
If your website is backed up regularly, it is possible to restore a previous version that does not contain the corrupted files.
If it is within your capability or that of your site manager (... and certainly the web developer), restore a clean version of the website. After that, make sure there are additional safeguards to prevent the issue from recurring. (More on that in the part below.)
When it comes to implementing and enhancing safeguards, we recently wrote a blog post on financial advisor website security best practices.
From a cyberthreat standpoint, you can drastically reduce the likelihood of the site going down in the first place by adding extra security. Be proactive.
You might rely on someone other than yourself to fix these issues, but if they can't help immediately, find someone who can.
Whether it's an in-house resource, the hosting services provider, or a third party standing at the ready, do not let your RIA website be down any longer than it should.
There's something to be said about learning through trial and error or "learning lessons the hard way".
But when it comes to cybersecurity, this is not an area you can afford to experiment on. The risk is too high for learning the hard way:
As part of the safeguards, this is a good time to review safety measures. Develop or revise written documents around cybersecurity and client data protection.
In more egregious cases, the SEC will respond if an advisory firm fails to meet security standards.
One firm got hit with sanctions for failure to adopt written security policies after a data breach... and after repeated warnings from the SEC.
By having good documentation and a team aware of security protocols, you will help reduce data breaches.
It can be a terrifying experience when your RIA website goes down, not knowing how it happened or what to do.
As the stats show, you're not alone if this happens to your firm. Fortunately, you aren't entirely helpless either.
Know the right people and the right entities to contact. Make sure they have a plan in place to bring everything back to normal.
Also, be open with clients and others who rely on access to your site. Finally, take proactive measures to prevent future disruptions.
By heeding these suggestions, your RIA website will stay protected. And as the saying goes, better safe than sorry.