It’s been 20 years since former U.S. President George W. Bush signed legislation to declare October as Cybersecurity Awareness Month. The goal was to raise awareness surrounding potential digital threats. Today, recognizing the hazard isn’t the issue. Navigating the cyber landscape, implementing protections and managing the risks associated with evolving technologies is top of mind for CIOs and CTOs.
Today’s challenge is that cybersecurity is a moving target. Because the wealth management arena is tasked with safeguarding trillions in financial assets as well as the personal information of the owners of these assets, the regulatory bodies governing the industry have made cybersecurity a focus, with the SEC requiring firms to enact programs, policies and procedures to protect against cyber incidents and also proactively supervise the vendors and service providers.
Because third-party solutions providers are on the front lines of cybersecurity efforts for many RIAs, they have a unique perspective on the cyber risks RIAs come up against and how best to address them. To get a sense of the what the biggest areas of client cybersecurity risk are, and how these firms are helping RIAs meet these challenges, we spoke to executives at three leading firms for their insights:
- Gregory Wilson, Chief Information Security Officer, Docupace Technologies, a digital back-office workflow and automations provider for the wealth management industry
- Kevin Sutton, Founder and Chief Technology Officer, AlphaONE Operations, a cybersecurity and IT solutions provider
- Sindhu Joseph, CEO and Co-Founder, CogniCor, a provider of artificial intelligence (AI) enabled digital assistants and business automation platforms for the financial services industry
Gregory Wilson: Docupace provides a secure document storage and management platform that simplifies regulatory compliance and offers secure authentication methods. In addition, we support our clients by making security the foundation of what we do here at Docupace. It is essential that each RIA invests in good cyber hygiene. Client education is key to ensuring clients can identify phishing attempts and practice safe online practices that will enable them to protect themselves.
Additionally, the RIA should implement strong cybersecurity controls such as multi-factor authentication, data encryption and regular user audits to ensure user accounts are disabled when employees leave the RIA firm.
Finally, firms should ensure that they regularly monitor for unusual activity and provide timely notices if suspicious activity is identified. Working together with our firms, we help RIAs fulfill their fiduciary responsibility by mitigating cybersecurity risks in a streamlined and scalable fashion.
Kevin Sutton: Most financial advisors believe they are protected from cyberattacks because they employ an IT vendor to manage their tech stack, but many are not. Financial institutions, including wealth management firms and individual practices, are vulnerable to ransomware, account compromises, and regulatory compliance failures. Generalist IT firms tend not to have cybersecurity expertise to mitigate these risks.
At AlphaONE, we developed our flagship product, Guardian, to provide the proactive protection many advisors lack. We safeguard an advisor’s business and reputation by identifying cybersecurity issues, fixing them before they turn into data breaches and staying one step ahead of the bad guys. Importantly, AlphaONE helps advisors fulfill their responsibility to clients while staying compliant with new SEC cyber rules.
Sindhu Joseph: I’m often asked if AI will replace advisors in an RIA – and the answer is no. AI-enabled advisors will replace those who do not use AI to enhance their client service experience. Bad actors are the same. Those who do not use AI today will be replaced by those who do – and they will be better, faster and more dangerous.
One of the most nefarious examples in our industry is how hackers can use AI to create a program that mimics an advisor’s voice and instructs clients to transfer money out of an account. AI is getting smarter and better at interacting with people and machines – making once-impossible scenarios everyday occurrences. In addition to the social engineering attacks, there is a whole gamut of risks such as phishing, password and identity theft, ransomware, etc.
Because of this cat-and-mouse game fueled by AI technology’s continuous improvements, cybersecurity continues to become more complicated and interesting. Both good and bad actors have access to these advancements, which means those on the side of good must be smarter than the criminals.
CogniCor helps RIA firms address challenges in a holistic manner by helping them transition from manual and error-prone experiences to digital and verifiable ones in addition to providing industry-specific compliance guidance through products such as ClientComply. CogniCor’s ClientGuide gives targeted proactive and reactive information about best cyber practices to clients and advisors regarding cyber security awareness.
