There are red flags even when dealing with cybersecurity firms. Here's what to watch for.
With all the recent punitive actions triggered by the SEC’s Red Flags Rule, the floodgates have opened when it comes to Johnny-come-latelies touting their wares in the cybersecurity solutions market for the independent financial advice space.
And if the latest fallout in recent months related to the SEC’s Red Flags Rule has taught us anything, it’s that chief technology officers, chief information officers, chief security officers and other mission-critical gatekeepers with oversight of large enterprise vendors owe it to themselves, their firms and their advisors to look past cybersecurity propaganda and dive deep on the details.
Therefore, consider cracks in logic when evaluating whether you have a cybersecurity partnership in place that actually delivers both what is advertised and what is needed.
One claim going around is that cybersecurity software “designed specifically for large enterprise firms” is somehow by itself a significant value-add. It’s not. Any software worth its salt in the independent advisory space should be able to accommodate firms of all sizes, so long as the customer is willing to pay for the scope of service required.
Providers will also frequently say their offerings are “seamless” or “at scale.” These words may sound great out loud, but when you really start to think about it, these are things that should be — and have been for years — table stakes from any credible vendor.
Along these same lines, beware of catchphrases that are thrown around in place of substantive value-add features, such as “robust administrative dashboard,” “multiple levels of hierarchy,” and “compliant with the highest levels of due diligence review.”
In other words, if a cybersecurity vendor is spotlighting promises of a decent user interface, the ability to flag and escalate cybersecurity issues at varying levels of potential severity, and the ability to pass the initial taste test with the technology gatekeepers at most firms, there’s probably more sizzle than steak with the meal they’re offering.
Above all, when people talk about cybersecurity that “cannot be circumvented by advisors,” that verbiage suggests a certain level of condescension from a home office. The implication is that the advisor is scheming with dark forces to work against the best interest protections their firms have tried to put in place for them.
Seeing that language should be a red flag, no pun intended. Rather than becoming Big Brother, firms should become cybersecurity partners with their advisors. After all, it’s much easier to avoid costly and reputation-damaging data breaches when firms and advisors both see that as the goal.
When the technology architecture being offered by a cybersecurity solutions provider builds in the assumption that advisors are naturally bad actors, the adversarial dynamic that is established doesn’t work well for anybody involved.
BEYOND THE HYPE
The key is maximizing a tamper-proof, collaboration-rich cybersecurity experience that goes beyond table stakes and assumptions that advisors are bad actors secretly waiting to meddle with the system.
Successful independent broker-dealers and RIA firms supporting independent professionals will maintain a proper perspective on cybersecurity by embracing the fact that their advisors are business owners, and not captive employees. This means recognizing that the mission of the home office is to achieve buy-in through education, collaboration and persuasion, and that trying to pass technology edicts from the top down is a recipe for failure.
When firms treat advisors with trust and respect by working with them to safeguard sensitive data in line with regulations and their business growth strategy, cybersecurity becomes part of the value proposition instead of a risk.
Sid Yenamandra is the co-founder and CEO of Entreda, which provides comprehensive cybersecurity solutions for independent retail financial advice firms and their advisors.