
A Cybersecurity Firm’s Propaganda May Hide Red Flags


With all the recent punitive actions triggered by the SEC’s Red Flags Rule, the floodgates have opened when it comes to Johnny-come-latelys touting their wares in the cybersecurity solutions market for the independent financial advice space.

And if the latest fallout in recent months related to the SEC’s Red Flags Rule has taught us anything, it’s that chief technology officers, chief information officers, chief security officers and other mission-critical gatekeepers with oversight of large enterprise vendors owe it to themselves, their firms and their advisors to look past cybersecurity propaganda and dive deep on the details.

Therefore, consider cracks in logic when evaluating whether you have a cybersecurity partnership in place that actually delivers both what is advertised and what is needed.


One claim going around is that cybersecurity software “designed specifically for large enterprise firms” is somehow by itself a significant value-add. It’s not. Any software worth its salt in the independent advisory space should be able to accommodate firms of all sizes, so long as the customer is willing to pay for the scope of service required.


Providers will also frequently say their offerings are “seamless” or “at scale.” These words may sound great out loud, but when you really start to think about it, these are things that should be — and have been for years — table stakes from any credible vendor.

Along these same lines, beware of catchphrases that are thrown around in place of substantive value-add features, such as “robust administrative dashboard,” “multiple levels of hierarchy,” and “compliant with the highest levels of due diligence review.”

In other words, if a cybersecurity vendor is spotlighting promises of a decent user interface, the ability to flag and escalate cybersecurity issues at varying levels of potential severity, and the ability to pass the initial taste test with the technology gatekeepers at most firms, there’s probably more sizzle than steak with the meal they’re offering.


Above all, when people talk about cybersecurity that “cannot be circumvented by advisors,” that verbiage suggests a certain level of condescension from a home office. The implication is that the advisor is scheming with dark forces to work against the best interest protections their firms have tried to put in place for them.

Seeing that language should be a red flag, no pun intended. Rather than becoming Big Brother, firms should become cybersecurity partners with their advisors. After all, it’s much easier to avoid costly and reputation-damaging data breaches when firms and advisors both see that as the goal.

When the technology architecture being offered by a cybersecurity solutions provider builds in the assumption that advisors are naturally bad actors, the adversarial dynamic that is established doesn’t work well for anybody involved.


The key is maximizing a tamper-proof, collaboration-rich cybersecurity experience that goes beyond table stakes and assumptions that advisors are bad actors secretly waiting to meddle with the system.

Successful independent broker-dealers and RIA firms supporting independent professionals will maintain a proper perspective on cybersecurity by embracing the fact that their advisors are business owners, and not captive employees. This means recognizing that the mission of the home office is to achieve buy-in through education, collaboration and persuasion, and that trying to pass technology edicts from the top down is a recipe for failure.

When firms treat advisors with trust and respect by working with them to safeguard sensitive data in line with regulations and their business growth strategy, cybersecurity becomes part of the value proposition instead of a risk.


Sid Yenamandra is the co-founder and CEO of Entreda, which provides comprehensive cybersecurity solutions for independent retail financial advice firms and their advisors.


© 2024 ALM Global, LLC, All Rights Reserved.