How Dynamic Has Fortified ‘the Fences’ and What Advisors Can Do Now
Cybersecurity threats, notably to the financial services industry, have evolved in recent years, increasing in frequency and sophistication. Data theft, malware, ransomware, credit and debit card breaches, “socially engineered” emails, phishing attacks and hacked social media accounts…Remember the famous Twitter accounts hijacked for Bitcoin in July? Cyberattacks take place at the personal level and on a global scale—and happen every few seconds.
Kaseya®, a leading provider of IT infrastructure and security management solutions, compares cyberattacks to the COVID-19 pandemic in that just as the coronavirus spreads from person to person, cybersecurity malware too can spread rapidly from computer to computer and network to network; and like the pandemic, cyberattacks have the potential to put you out of business.
Concurrently, the pandemic itself has created increasing threats to cybersecurity: In March, TD Ameritrade announced 100% of its global workforce was working from home; another major custodian, Fidelity, reported 90% of its workforce working from home. The widespread transition to the remote work environment eroded layers of security rooted in corporate settings, giving hackers windows of opportunity for phishing and other cybersecurity attacks, according to Dynamic COO Craig Morningstar, who heads the company’s cybersecurity and IT efforts.
“By people working from home, multiple layers of security, or fences, were removed,” said Morningstar. “Hackers started doing more phishing…they knew they had time before additional layers of security were put in place.”
It was only a matter of time before the U.S. Securities and Exchange Commission released “Cybersecurity: Ransomware Alerts” in June and July, citing “an increase in sophistication of ransomware attacks on SEC registrants, which include broker-dealers, investment advisers, and investment companies, as well as ransomware attacks impacting service providers to registrants.”
At the wealth advisory firm level, RIAIntel reported in October that 26% of family RIA offices have suffered a cyberattack and nearly two-thirds of those incidents happened within the last 12 months, according to a survey led by Boston Private. The survey was completed by 200 single- and multi-family offices with between $100 million and $5 billion in net worth. According to the report:
- 27% of family wealth advisory practices said, “implementing secure remote working protocols is one of their top risk management challenges”
- 47% said that underestimating cyber threats is “obstructing the implementation of risk management in their family office” and,
- 41% said, “complacency is an obstacle to the implementation of risk management measures.”
RIAIntel also reported, “Like family offices, RIAs that think they are too small to attract the attention of online threats are mistaken. Cyber criminals tend to seek out the ‘biggest prize’ but small- and medium-sized businesses face many of the same threats (and consequences) as large ones, according to a cybersecurity report by Cisco.”
Cybersecurity attacks can happen at the firm level with the user, with a client or a vendor, notes Morningstar. “Here at Dynamic, it’s imperative that we help advisors work with their clients to mitigate the risks.”
As such, Dynamic continuously explores ways to improve security of client data. Recently, it has made four key enhancements to fortify its cybersecurity fences:
1) RoboForm Password Complexity Generator, implemented in response to a top concern for Information Security and IT teams everywhere. According to the “2020 State of the Phish Annual Report: An in-depth look at user awareness, vulnerability and resilience” by proofpoint®, most concerning to InfoSec and IT teams is users’ tendency to reuse passwords.
2) Upgrade to Barracuda, a next-generation provider of applications and cloud security, as well as email protection, network and data security, was rolled out across the Dynamic network, essentially adding a third layer of security protection.
3) Multifactor Authenticity (MFA) for Wealth360 and Virtual Office, a security mechanism that requires two or more forms of authentication, or credentials, to verify identity and thus, the legitimacy of a transaction.
4) Enhanced Rollout of Xyven Managed Services, which conducts real-time proactive monitoring of the Dynamic network, as an end-point protection and management solution available for all Dynamic’s users.
These best practices are supported by proactive, ongoing efforts by Dynamic. For new advisors, the onboarding process includes a one-on-one cybersecurity review to assess at-risk client data and determine a firm’s risk profile; ongoing reviews are scheduled based on the profile. Ongoing education, tips and industry updates on the latest threats are posted to the practice group.
“It’s not just one solution, it’s collectively all the layers that make a difference in the effectiveness of cybersecurity,” said Dynamic CEO Jim Cannon. “Dynamic has sophisticated technology systems in place to protect client data for our growing network of advisors—it’s important for everyone to use those systems to continue to stay ahead of the threats and reduce cyber risks.”
On Thursday, Dec. 10, Dynamic will host “ELEVATE 2021: Tech Tools & Insights Wealth Advisors Need to Thrive in a New Era.” The virtual event, accessible via GoToWebinar, will feature a full agenda of educational sessions from Dynamic team members on the latest tech rollouts and ways to protect your clients’ data from cyberattacks, as well as trends and updates from Orion. Watch for more details and to register.
Cannon points out that because anyone in an organization can be a target of a cyberattack, everyone should know how they can be more cyber secure—it begins with awareness, education and training.
“Dynamic is committed to building a culture of cybersecurity and that involves everyone,” said Cannon. “Our system is only as good as those sitting at the endpoints on Wealth360, watching out for phishing and other issues, being vigilant.”
Morningstar offered the following five actionable recommendations advisors can do now to shore up cyber defense and mitigate attacks:
1) Streamline your access points: Use Wealth360 as the “front door” to BasisCode and Virtual Office.
2) Sign up for Dynamic’s RoboForms platform and Xyven sooner rather than later as these systems will be required by Q1 2021.
3) Remember that all vendor apps that contain client data must be reviewed prior to use. Dynamic performs an extensive review process for all vendors, e.g., tech and others that use client data; questionnaires have been updated to assist with due diligence.
4) Remember to submit a request for any technology you want to integrate with Wealth360; we appreciate your patience upon submitting requests.
5) Enhance cybersecurity through the use of client portals and use Dynamic technology applications to share or retain client data. Third party apps such as Dropbox™ are strongly discouraged. It’s the difference between consumer grade vs. commercial grade protection.
It is in an advisor’s best interest for their clients to use the solutions Dynamic provides for the optimal level of client data protection. For more information or if you’d like to talk with a Dynamic team member about defending against cyber threats, contact Advisor Support.
Photo credit: Philipp Katzenberger