New 'Red Flag' Tools Launched to Curb Cyber Risks
Cybersecurity firm Entreda said Thursday that it was rolling out Red Flags Safeguard software, along with Red Flags Data Theft Insurance. Both aim to help advisors, independent broker-dealers and RIA firms avoid issues like identity theft and client-data breaches tied to vendors, as well as fines and other fallout from regulators.
The news comes less than a month after the Securities and Exchange Commission reached a $1 million settlement with Voya Financial Advisors over cybersecurity failures that led to the compromising of thousands of clients’ personal data.
“We are very excited to release our Red Flag package, which we’ve been working on for some time,” said Entreda co-founder and CEO Sid Yenamandra, in an interview with ThinkAdvisor. “We are very focused on the independent wealth management industry and are growing rapidly.”
The business got started about seven years ago, and about one-fifth of sales are in the financial-services field, Yenamandra explains. It works with 25 broker-dealer clients and several hundred RIAs with a total of about 60,000 advisors; customers include ProEquities, which has some 700 advisors, and United Planners.
How It Works
“Our software sits on advisors’ mobile and desktop devices and acts like a sensor by gathering data and evaluating risks, including those the network and other users, too,” according to Yenamandra. “It means advisors and firms can get risk data in real time.”
For instance, an advisor using an open Wi-Fi network at Starbucks automatically would get a cyber-risk score, and a virtual private network would open to make sure her work was done on a compliant network.
In other words, the executive says, the risks are monitored and resolved “in one breath,” and the risk score is updated “dynamically” as well. Entreda’s risk scores resemble credit scores with a 200-800 range in which a higher number is preferred.
The monitoring and scoring are meant to be “a helping hand, like a software-based security blanket, so [hackers] cannot access proprietary data,” Yenamandra said.
The goal is to protect the firm and its client data but not become a Big Brother. “We’re not looking at emails, etc.,” the fintech executive said, “and are strictly focused on security … to avert risk to an organization.”
The “remediation playbooks,” such as the use of a VPN, are automated. Advisors also get training videos pushed out to them when issues arise to educate them on cybersecurity, complete with a quiz at the end of the videos.
“The big challenge today is that there are lots of tools out there … we did the integration and connectedness all under one roof,” explained Yenamandra.
Entreda’s latest offers include:
A third-party due diligence module to identify and complete a risk assessment of vendors, validate vendor responses and produce cyber-risk scores.
Risk assessments to review personal data stored by vendors and check for missing information in forms being completed by them.
The use of a cyber-risk gateway for a client system that only gives access to authorized vendors with devices monitored by Entreda or to vendors with strong regulatory/compliance track records.
Periodic incident-response tests to check a firm’s response time and to process phishing or hacker incidents — including impersonations of known-vendor reps as a means of changing passwords.
Automated playbooks or remediation processes, such as adjusting the cyber-risk score of the firm and user, logging the event for compliance purposes and giving phishing victims real-time onscreen training in best practices.
Cyber insurance to protect firms from the costs of data breaches and violations of the SEC’s Red Flags Rule.
“When third-party vendors entrusted with confidential client data suffer breaches, the firms and advisors who utilize their services are held to account,” Yenamandra said. “The SEC’s Red Flags Rule and recent related actions in our industry underscore how independent RIAs and broker-dealers owe it to themselves, their financial advisors and their end clients to avoid million-dollar plus penalties by adopting the right technology-driven tools and processes to effectively manage such risks.”