Alex Cunningham – Advisor360° is a product company, but as Jed Maczuba, Chief Technology Officer, highlighted in his recent blog, “Data is the lifeblood of the wealth management business.”
But data is only valuable if it can be trusted.
If you don’t trust the data presented, then you’re not likely to make critical decisions based on it. So, in this regard, Advisor360° is also a data company.
Confidentiality. Integrity. Availability.
From an information security perspective, we ensure the confidentiality, integrity, and availability of the data entrusted to us, so that broker-dealers and advisors using our platform know this: that the decisions they make for their clients are based on reliable, accurate information and that remains:
These 3 pillars are the foundation to our Information Security program. Protecting data, specifically that of our clients, is a champion-level team sport where everyone at Advisor360° has a role to play. We need everyone to be on the same page to execute the game plan. At Advisor360°, we believe that building a risk-aware culture from the ground up is critical in our ability to protect the data under our custodianship.
It’s hard to not be aware of cybercrime risks these days; there’s hardly a week that goes by without a front-page headline of a significant cybersecurity attack or data breach. That’s why it’s critical to ensure that, as part of our risk-aware culture, everyone takes a proactive approach to data protection awareness.
It’s Cybersecurity Awareness Month
Raising awareness is important not just for the wealth management industry, but for everyone. It’s critical that an awareness program focuses not just on how cybersecurity impacts people, but also how to protect our organizations from these threats. From a national perspective, October marks the 17th anniversary of the Cybersecurity & Infrastructure Security Agency’s National Cybersecurity Awareness Month (NCSAM) campaign. This year’s theme is “Do Your Part. #BeCyberSmart” and aims to raise awareness and the importance of cybersecurity education through a variety of events and resources (free and available on their website).
Data security from day one
From the first day an employee or contractor joins Advisor360°, a key component of their onboarding process isn’t just the free T-shirt, bagel, or towel—it’s education and awareness on the employee’s role in our data protection strategy. Ensuring everyone is fully aware of what’s expected of them, the types of threats we face, and the protections we have in place helps strengthen our overall data protection capabilities.
This employee security education must be ongoing throughout the year, a combination of instruction and testing. Even if an employee successfully identifies and passes one phishing email test, we can guarantee more are on the way! They’re critical to our security vigilance.
The reason we send regular phishing tests is not to trick or embarrass our staff (they are our greatest asset after all). Rather, we recognize the risk this threat vector possesses--94% of malware is delivered via email—and the importance that our staff play in recognizing a real phishing attempt (if it’s able to evade our systems). We also recognize it’s not the only threat, so our program is designed to educate our staff on a wide range of security-related threats and industry best practices on how to avoid cyberattacks, all through a positive reinforcement lens.
Make it compelling for staff
At Advisor360°, the Information Security team has several activities planned throughout October, whether it’s providing online quizzes, video presentations, best practices on browser settings and mobile devices, or practical tips that our own Information Security team members use to protect themselves. The last one in particular helps the InfoSec team demonstrate that they not only follow the same safeguarding rules as everyone else, but how strong security can have a positive impact without compromising productivity.
While most information security teams take the opportunity to raise awareness through National Cybersecurity Awareness Month, it’s important that it’s not taken as a one-time or annual event, but rather part of continual effort throughout the year. This continuity helps your staff fully understand cybersecurity risks and their role in minimizing the effect on your organization. I’ve found that adding an element of fun is key to helping gain more supporters and buy-in, and really helps strengthen our philosophy: that we’re doing this not just because we should, but because we know it’s the essential thing we must do.
This year has been a challenge to say the least! And as organizations continue to work out what the best working practices are for them, working from home is at the heart of it, and that includes school children too. Indeed, as I write this blog, I’m being entertained by my son’s trumpet practice as part of his now online music class.
So, using the opportunity to take what you learn at work and applying it to your home life is a great way of educating everyone, and maybe help grow the next generation of information security professionals!
Safeguards built in
While critical to our decision making, not all data is made equally. But by identifying our most valuable assets and ensuring we have the right balance of a well-educated staff, the right data protection-focused processes, and security technology in place to safeguard it, Advisor360°’s clients can place trust in the security of our platform’s unique technology: Unified Data Fabric™. That regardless of the data’s origin, the data is only available to authorized users; its integrity is sound; and it’s available when users need it.
With those safeguards, advisors can make the right financial decisions for their clients.
Remember, when it comes to cybersecurity: Do Your Part. #BeCyberSmart.
Alex Cunningham is SVP, Chief Information Security Officer at Advisor360°, where he leads the Information Security team to protect the Advisor360° house, keeping all company and client data protected and secure.