BACK TO BLOGS

How to Build a People-Centric Information Security Ethos

Alex Cunningham, September 21, 2021

An illustration of a computer monitor and tablet with an information icon at left and a padlock at right.

Information security has transitioned quickly from being just a technology function to its emergence as a key driver of business value and a change agent within every company. As Chief Information Security Officers (CISOs), we often think of the work we do to protect our environments and data and how we deploy strategies such as encryption, data loss prevention, and monitoring; however, to be a trusted partner to CEOs and build value from a business perspective, CISOs need to shift the discussion from bits-and-bytes to the roles people and processes play in protecting our businesses and technology.

People are the backbone
People are the most important part of any organization. In fact, without well-motivated, trained, and loyal employees, you can’t be successful. At our organization, we firmly believe that as a product company delivered as an enterprise-level service—we are nothing without our people.

People have ingenuity and curiosity. At Advisor360°, we believe by harnessing this creativity, we have built an innovative SaaS platform for the benefit of broker-dealers, their financial advisors, and investors. By creating an environment that sets employees up for success, our people feel valued and empowered to bring their best ideas to work each day.

The best information security processes are purpose-driven and strike the right balance
Process is essential in facilitating order in our day-to-day business. It can help improve productivity, replace manual tasks with automation, and reduce risk. But there’s an art to identifying where a process is needed rather than adding processes just for the sake of it. Too many processes can slow down an organization’s ability to operate, frustrate your people, stifle innovation, or worse, increase an organization’s risk posture as their people find ways to circumvent ineffective processes. Finding the right balance can make an organization more efficient, help staff, and identify new opportunities.

Information security leaders are in a unique position, as they have a far wider view of an enterprise than most. This gives CISOs an opportunity to work across the firm when designing processes, particularly when it impacts a large percentage of the organization. Engaging our managers or subject matter experts early on when designing processes helps make certain the process is fit for its purpose, increases adoption rates, and reduces friction while ensuring the firm gains the anticipated improvements.

Technology and its role in building an information security ethos
At Advisor360°, technology is our focus and our passion. Our goal is to ensure we provide our customers with not only the features and functions they need to serve their clients, but with the best user experience, too. Technology is a wonderful thing, but if it’s hard to use or the features are immediately intuitive, then it’s of little value.
Our enterprise-grade SaaS platform helps our customers power their own digital transformations as they look for opportunities to increase efficiencies in very competitive environments.

Technology obviously plays a huge role in our data protection strategy and provides us with opportunities to gain better insight into where our data is and how it’s used throughout its life cycle. It also allows us to identify and respond to threats and vulnerabilities quickly and maintain a proactive security posture.

Bringing it all together to nurture a people-centric information security ethos
The right balance of great people, efficient and value-add processes, along with great technology and experience can help create a strong platform for an organization’s success.

People are rightly at the heart of our organization, and we’ll only be successful if we create the right environment where everyone has an opportunity to make his/her voice heard, where ideas and collaboration are encouraged, and where the wide range of experiences, diversity, background, and knowledge helps create multiple perspectives that coalesce into a whole greater than the sum of its parts.

Likewise, I think the best companies are the ones that recognize the skills and strengths of their staff and acknowledge that they are on an ever-changing journey rather than something that has a definitive completion date. The rate at which technology changes, for example, means that we’re constantly reviewing how we can best apply new features and functions to our SaaS platform.

One of the many benefits of having a healthy company environment is it promotes a strong teamwork ethos.

Recently, Advisor360° successfully obtained SOC 2 and HIPAA accreditations for our integrated SaaS platform. One of the most satisfying parts of this accomplishment was the fact that we started with a blank piece of paper two years ago and plotted the steps and milestones necessary to meet this ambitious goal. But it wasn’t just what we did, but how we did it.

Every single person at Advisor360° was involved in making this happen. It was truly a team effort. Without the right people, with well-designed processes, focused on all aspects of our technology stack and infrastructure, we would not have met this important company goal.

From an information security perspective, we often talk about the importance of growing our internal networks and applying both direct and indirect influence across the organization. Having a strong teamwork ethos helps facilitate this, but it isn’t restricted to just within Advisor360°. We extend this approach with our customers, too, which strengthens their trust in us both as security practitioners and trusted partners.

The one constant is change. But because of our culture, we are well placed to create solutions that address our customers’ challenges and create new opportunities and competitive advantages—regardless of ever-shifting circumstances and challenges.

Alex Cunningham is Senior Vice President, Chief Information Security Officer at Advisor360°. He leads the Information Security team in protecting the Advisor360° enterprise, keeping all company and client data safe and secure.