According to the U.S. Internet Crime Complaint Center, cybercrime results in more than $12 billion per year in damages in America alone. The finance sector ranks as the second-highest business segment in terms of breach costs, behind healthcare, according to an IBM study, with the average breach cost for a financial institution being about $6 million.
Despite all the time, money and efforts companies spend to protect their data, the IBM study found that the average organization takes over 200 days to identify that a data breach has even happened and another 70 days to contain it. So, it’s evident that the protections many of these firms have in place are not solving the problem.
For financial advisors, the impact of a data breach can be catastrophic for their business. Besides monetary losses, the reputational damage done when clients learn that their personal data was potentially exposed can be irreversible to a practice.
Those in the financial industry also face an increasingly complex regulatory environment, with strict data protection laws and privacy regulations. While staying compliant with these evolving rules and regulations can be daunting, failure to meet the standards may result in significant fines and other repercussions.
New technologies are needed to help wealth management firms and advisors fight the cyber security battle. Protections must be real-time and proactive, not reactionary and after the fact.
We spoke with Mike Barranco, the CEO of AlphaONE, a new company created to find security issues, fix them, and help customers continually evolve their IT and InfoSec programs to stay one step ahead of the bad guys.
DWN: In recent years, we have seen that financial institutions, including wealth management firms and practices, are vulnerable to increasingly sophisticated ransomware attacks and other account compromises. How does AlphaONE work with financial advisors and firms to help mitigate these risks?
Mike Barranco: AlphaONE works closely with financial advisors and firms, using our extensive experience in risk assessments and penetration testing to pinpoint common security gaps. Our platform meets industry requirements from the start and integrates seamlessly into existing business models without disrupting workflows. We offer comprehensive solutions that include both technical and administrative controls. Our technical services encompass Managed Detection and Response (MDR), threat monitoring, and email security, among a host of others. Additionally, we provide security awareness training, formal assessments and guidance on cyber policies and procedures. By combining advanced technology with essential operational procedures, AlphaONE ensures strong protection against cyber threats, safeguarding both operations and client trust.
DWN: This past May, the SEC adopted amendments to Regulation S-P intended to modernize and enhance the privacy protections provided to consumer financial information. Firms must now have incident response programs with written policies and procedures that are “reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information.” The new regulations also require oversight, due diligence and monitoring of service providers to ensure they take appropriate measures to protect customer information. In addition, customer notification requirements have been mandated in the event of a data breach. How does AlphaOne address these new requirements for financial advisors?
Mike Barranco: AlphaONE addresses the new SEC Regulation S-P amendments with a robust suite of solutions for financial advisors. We offer over 75 standard policy and procedure templates that give businesses a head-start in deploying these standards. Our collaboration with groups like LPL Financial ensures our templates align with their Branch Office Security Policy. Additionally, we closely follow industry standards set by organizations such as NIST, CIS, ISACA, etc. ensuring compliance across all verticals, including SEC/FINRA, FTC and others. Our team maintains strong incident response capabilities and is frequently called upon by partners and peers to assist in recovery and remediation efforts. We use our experience from real-world incident response events, even for non-customers, as learning opportunities to enhance our solutions. This expertise allows us to meet the growing market demand for comprehensive incident management, protecting client information and ensuring regulatory compliance.
DWN: LPL Financial has designated AlphaONE as an affinity partner for cybersecurity solutions on the enterprise’s third-party solutions provider platform. That is not an easy list to get added to, especially for a new fintech company. How did AlphaONE prove its value to LPL?
Mike Barranco: LPL Financial gave AlphaONE the opportunity to demonstrate our capabilities by allowing us to show what we can do, not just fly through a sales deck. We deployed our solution across three different types of advisor firms, each with unique toolsets, workflows and security goals. This hands-on demonstration highlighted our ability to adapt and provide effective security solutions tailored to diverse environments. Additionally, we continuously evolve our solution to meet the ever-changing requirements of the industry, aligning with the specific needs of LPL’s advisors. By proving our effectiveness in real-world scenarios and showing our commitment to ongoing improvement, AlphaONE established its value to LPL and earned its place as an affinity partner.