As chief technology officer for Geneos Wealth Management, Dean Rager and his 10-person IT team continuously work on tech solutions for the IBD’s home office and reps to improve efficiency and compliance.
But when it comes to meeting his need to make sure “everything always stays secure,” Rager realized that as a relatively small broker-dealer with about 300 reps and $12 billion in assets, Geneos wasn’t getting the support it needed from its vendors who hold client data. That’s critical, he says, since most cyberattacks “come in from a third-party back door,” if they don’t come from “an advisor’s own email address.”
That’s why Denver-based Geneos has joined cleverDome, the cybersecurity co-op that provides the cloud software NetFoundry to “enforce some kind of standards so we look like” one of the larger enterprises that can demand better cyber support from those third-party vendors.
“I’ve known Aaron [Spradlin, co-founder and CEO of cleverDome] for ages,” but in conducting his own due diligence on the firm, Rager realized that joining cleverDome would be a way of leveraging “a hell of a lot more than my thoughts and those of my team on what to do right or wrong” when it comes to keeping Geneos’ data secure.
That “whole co-op groupthink” on cybersecurity best practices and how to implement those practices is just one of the reasons Geneos joined cleverDome. Within the co-op are also entities that can help firms in writing compliant cybersecurity policies and in conducting penetration tests of its computer networks.
But perhaps the most immediate benefit to Geneos is adopting cleverDome’s NetFoundry system, which was rolled out last year for the financial services industry by Tata Communications. NetFoundry is cloud software (or SAAS) that implements what is called a software defined perimeter (SDP), a much more secure type of a virtual private network. Once deployed at both the router and rep levels, NetFoundry’s SDP makes Geneos’ servers “invisible to the internet,” Rager says “For lack of a better term we’ve created our own dark web” which frustrates hackers.
So why should Geneos care about hackers?
“We get about 10,000 rejections every 20 minutes” on its servers, says Rager, with 50% coming from foreign actors which Geneos can auto-reject “since we don’t do foreign business.” That still leaves “15,000 pings an hour of our system by bad actors looking for weaknesses. That’s significant.”
By deploying cleverDome’s technology, “those 10,000 attacks go to zero,” reports Rager. Even if a “brilliant” hacker can defeat NetFoundry’s defenses, Rager says, cleverDome’s distributed server architecture means any data the hacker accesses is “worthless.”
NetFoundry will be a “gigantic win” for Geneos over the next 12-18 months, Rager predicts.
“For the price point and how it works,” says Rager, “I don’t know why people wouldn’t” join cleverDome and use NetFoundry.
And for Smaller Advisory Firms…
If that’s the scope of the cybersecurity threat that Geneos and its IT team is dealing with, Rager suggests the situation is even more significant for many smaller advisors, especially in the RIA world. Those firms tend to have much smaller IT teams (or outsource IT) and their server and router firmware, software and hardware likely hasn’t been updated to meet the scope of the ever-evolving cyber threat.
“Cyber is out of sight and out of mind” for many in the advisor universe, Rager charges, with many companies paying “lots of lip service” to the issue but doing little actual work to protect firm and client data.
“I view this as one of the unmanageable risks if you don’t pay attention to it, says Rager,
Geneos is doing more than joining cleverDome and implementing NetFoundry to secure its data: it’s also heavily focused on training reps and their assistants and then testing its cyberdefenses. “The single greatest threat is still email,” says Rager, because of its ubiquity and users’ assumption that “it’s harmless” makes it still the “easiest way to get into your system.”
So Geneos spends much time and effort making sure all the proper security patches are installed on reps’ systems, and provides “unlimited training” to keep both reps and assistants up to date on secure email practices, especially on phishing. “We use Wombat” security training software, reports Rager, phishing reps’ systems “constantly to create teachable moments” for reps to make sure they are partners in keeping client data secure.