As a registered investment adviser (RIA), you must protect the data and privacy of your clients. It’s not only an ethical obligation but also a professional one — RIA firms are required to have internal controls and programs that keep client data secure and compliant with federal securities laws.
However, with rapidly evolving cybersecurity risks, it can be challenging to ensure that you have appropriate and sufficient protective measures in place at all times. Fortunately, there is a way to continuously and easily assess and improve your RIA firm’s security posture — with Microsoft Secure Score.
What is Microsoft Secure Score?
The vast majority of security breaches occur because of poor cyber hygiene. Sometimes, users misconfigure devices, fail to keep software up to date, recycle passwords, or simply don’t know how to spot potential security issues. This leaves an organization vulnerable to breaches and other cyberattacks.
Secure Score provides you with visibility, guidance, and controls that help boost your security posture. It measures the extent to which your firm has adopted security controls across your Microsoft products, which include Microsoft 365 (and Exchange Online), Azure Active Directory, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Cloud App Security, and Microsoft Teams.
Essentially, Secure Score tells you how well aligned your security configurations are with Microsoft’s best security practices. And based on your score, your IT staff can take specific actions to help strengthen your defenses against common attacks.
How Secure Score works
Secure Score determines which Microsoft services you use and creates an inventory of all the possible improvements that will keep your environment secure. You earn points for the following:
- Setting up recommended security features
- Performing security-related tasks
- Addressing recommended actions using third-party solutions
Points are calculated daily, and as your firm implements more controls, your score increases accordingly. Some security configurations are more effective than others and are assigned more points, but keep in mind that not every security measure will work for your IT environment.
Secure Score not only allows you to proactively uncover security vulnerabilities, but it also highlights the actions your firm can take to offset various cybersecurity risks. With this level of visibility and awareness, there’s a clear path your IT staff can take to ensure that your RIA firm is doing everything it can to keep your clients’ information safe.
How to check your current score
You can access Secure Score’s centralized dashboard in the Microsoft 365 security center. To check your current score, click the Overview tab and find the tile labeled Your secure score in the first column. Here, you’ll see your score as a percentage value and how many points you’ve achieved out of the total possible points.
Take action to improve your score
In the Improvement actions tab, you’ll see the various security recommendations and their corresponding status (e.g., to address, planned, completed). When you select a specific improvement action, it opens a page that shows detailed steps on how to implement that particular recommendation. It also presents any license prerequisites, potential user impact, and affected users.
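For IT staff who want the same figures outside the dashboard, Microsoft Graph exposes them as `secureScore` snapshots (`GET /security/secureScores`) and `secureScoreControlProfile` entries (`GET /security/secureScoreControlProfiles`). The following is an added example, not code from this article or from Microsoft: it computes the percentage shown on the tile and ranks the actions that still have points available. The control ids and point values are constructed sample data, and a control missing from the snapshot is assumed to have earned no points.

```python
# Constructed sample data shaped like Microsoft Graph's secureScore and
# secureScoreControlProfile resources. Control ids and point values are
# made up for illustration; they are not real tenant data.
SNAPSHOT = {
    "createdDateTime": "2024-01-15T00:00:00Z",
    "currentScore": 8.0,
    "maxScore": 20.0,
    "controlScores": [
        {"controlName": "EnableMFA", "score": 3.0},
        {"controlName": "AuditLogging", "score": 4.0},
        {"controlName": "LimitAdmins", "score": 1.0},
    ],
}
PROFILES = [
    {"id": "EnableMFA", "title": "Enable multifactor authentication", "maxScore": 9.0},
    {"id": "MobilePasscode", "title": "Password-protect all mobile devices", "maxScore": 5.0},
    {"id": "AuditLogging", "title": "Enable audit data recording", "maxScore": 4.0},
    {"id": "DisableInactive", "title": "Disable inactive accounts", "maxScore": 1.0},
    {"id": "LimitAdmins", "title": "Limit the number of admins", "maxScore": 1.0},
]


def score_percentage(snapshot):
    """Return the score as the dashboard shows it: points achieved / total, in %."""
    total = snapshot["maxScore"]
    return round(100.0 * snapshot["currentScore"] / total, 1) if total else 0.0


def outstanding_actions(snapshot, profiles):
    """List actions that still have points available, largest gain first."""
    achieved = {c["controlName"]: c["score"] for c in snapshot["controlScores"]}
    gaps = []
    for p in profiles:
        # Assumption: a control with no entry in the snapshot has earned 0 points.
        remaining = p["maxScore"] - achieved.get(p["id"], 0.0)
        if remaining > 0:
            gaps.append((p["title"], remaining))
    return sorted(gaps, key=lambda g: g[1], reverse=True)


if __name__ == "__main__":
    print(f"Secure Score: {score_percentage(SNAPSHOT)}% "
          f"({SNAPSHOT['currentScore']:g}/{SNAPSHOT['maxScore']:g} points)")
    for title, points in outstanding_actions(SNAPSHOT, PROFILES):
        print(f"  +{points:g} available: {title}")
```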
While the recommendations you receive will depend on your service subscriptions and your security needs, there are five key actions your firm can take to increase your score and security. These are:
- Enable multifactor authentication.
- Password-protect all mobile devices.
- Enable audit data recording.
- Disable inactive accounts.
- Limit the number of admins you have.
Don’t fret — your IT staff will take care of monitoring and improving your Secure Score. You don’t have to drill into the details yourself. What’s important is that you work with them to determine which improvements are most crucial to increasing your business’s cloud security score.
If you need help securing your environment or want to learn more about Microsoft Secure Score, contact us today. We provide complete solutions for securing, supporting, and managing the IT infrastructure and operations of small- to mid-sized RIA firms nationwide.