Digital Wealth News is pleased to bring you our “Fintech Luminaries” series – featuring thought leaders within the blockchain and digital wealth space. For the next feature in this series, we’d like you to meet Jason Lish, Chief Security, Privacy And Data Officer of Advisor Group, the nation’s largest network of independent financial advisors serving over 11,000 advisors and overseeing $450 billion in client assets.
NAME: Jason Lish
TITLE: Chief Security, Privacy and Data Officer
COMPANY: Advisor Group
WEB ADDRESS: https://www.advisorgroup.com/
This is the first time Advisor Group has ever held its annual national conference, ConnectED, as a virtual event. How have things been going?
We’ve actually experienced much higher attendance than at in-person events, specifically because technology is allowing financial professionals and home-office staff to attend, where costs or travel logistics were barriers to participation in the past.
Technologically, the conference has kicked off very smoothly and successfully so far. The platform we’re using is much more expansive and engaging than your run-of-the-mill Zoom meeting, allowing attendees to tailor their experience to fit their particular needs and interests. It’s an immersive experience that leverages technology to recreate the connection and engagement of our in-person events.
From a cybersecurity perspective, the conference has been a tremendous opportunity to reconnect with our financial professionals on issues around data privacy that have only become more pressing during the pandemic and reinforce to them what their responsibilities entail when it comes to implementing best cybersecurity practices.
Advisor Group has made it clear that cybersecurity is a top area of focus for the company. How has the company’s cybersecurity strategy changed as a result of the pandemic?
For Advisor Group, adopting a zero-trust cybersecurity posture has become more important over the years, but it’s doubly crucial now. Across the industry, financial professionals, third-party service providers and wealth management firm employees are working remotely and using a broader range of communications and collaboration tools than ever before, which creates additional exposures and risks
When remote access becomes the primary mode of operation, cyber criminals will become bolder and opportunistic.
As a result, we are doubling down on our education efforts with financial professionals, holding more training opportunities and showing them specific examples and scenarios that demonstrate what could happen if they are victims of a breach.
While we’ve made some additional improvements in our technology, infrastructure and processes this year to navigate the current environment, many were already in place and are working as planned.
And in our “what-if” readiness planning before COVID-19, I’m proud to say we covered many of the use cases we’re encountering now, but as always there are additional opportunities we have identified to continue maturing our security posture.
What have been Advisor Group’s top cybersecurity accomplishments over the past two years?
The main accomplishment has been the full implementation in 2019 of the CyberGuard Program, an evolving cybersecurity toolkit that brings together tools and support platforms from several industry-leading providers and combines them into a robust, seamless cyber defense system for our financial professionals.
The beauty of CyberGuard is that it provides defenses, technological measures as well as training and education, against virtually all the ways that financial professionals are vulnerable to cyber attacks, and it also provides cyber insurance to make their businesses whole if they suffer a data breach.
This end-to-end capability fits the nature of the cybersecurity threat today — varied, fragmented and growing increasingly sophisticated. A cyber defense system that addresses one area of vulnerability but not others is like a blanket that covers your arms but leaves your feet cold.
To truly protect the data that clients entrust to our financial professionals, cybersecurity must be all-encompassing and adaptable. CyberGuard does that, and we are working all the time to make it even stronger and more flexible.
Can you let us know what cybersecurity initiatives or opportunities are ahead for Advisor Group, both for next year and beyond?
In its 2019 examinations finding report, Finra called out cyber awareness training and phishing simulations as priority areas for wealth management firms to address, and the need for these measures has only grown as phishing attacks have skyrocketed during the pandemic.
Going forward into 2021, Advisor Group is boosting its simulated phishing campaigns, which require financial professionals to take a training if they click on the links in simulated phishing emails. In extreme cases in which professionals are repeatedly fooled, they may be restricted from accessing the Advisor Group network until they complete the training.
The Finra report also emphasized the need for increased cybersecurity capabilities in branch offices. To that end, we are making improvements and investments that will allow real-time scanning of larger branch offices for network vulnerabilities.
Lastly, in 2021, we will also continue to ramp up our dark-web monitoring, which involves using specialized digital tools to scan the dark web for financial professionals’ stolen login credentials.
Jason Lish is Chief Security, Privacy and Data Officer, Advisor Group and is responsible for developing a comprehensive and proactive strategy to drive business decisions and protect value creation on behalf of Advisor Group and its affiliated Advisors.