The 3 Things Financial Organizations Need to Know About Cybersecurity


Nearly every organization has adapted to life in the digital world. With plenty of connected devices and the number of access points into organizations growing every year, it’s no coincidence that there is an increasing number of high-profile cyberattacks on governments, businesses, and non-profit organizations. From the alleged hacking of the 2016 U.S. election, the WannaCry ransomware, and the Ukraine Petya attack (that shut down their power grid) to other lower-profile attacks, hundreds of millions of dollars of damage has already been inflicted on organizations around the world. As a result, cybersecurity is at the front of mind for many organizations.

Survey existing technology to find exploitable weaknesses.

Keeping software up-to-date is an essential activity to maintain your organization’s cybersecurity. The WannaCry ransomware attack, for example, exploited vulnerabilities in software that had not recently received an update.

There is a major reason why a software company might issue an update: to fix bugs and patch security risks for the end user. Organizations should ensure that all software is running on the newest version. If your RIA (or organization in general) does not maintain updated software, it runs the risk of being targeted for ransomware, exposing your clients’ data, or losing control of your digital platforms (website, CMS, portal, etc.).

The costs associated with a data breach (or other forms of cyberattacks) are very high and are not only monetary. A successful cyberattack on your business will cost much more than it would to implement the proper solutions and mitigate the effects of a cyberattack ahead of time. Your reputation will be hurt if you allow hackers access to sensitive data; people will lose confidence in you. Avoid these repercussions by keeping your software up to date.

Create policies to minimize human exploitation points.

Every business needs policies concerning the use of technology. Without adequate rules in place, your business is at risk of exploitation through human mistakes. Humans are often the weakest point of defence in any system, as they have traits that can be taken advantage of by malicious actors.

The definition of social engineering is:

“an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.”

There are several common methods of social engineering, from phishing (or spear-phishing) to leaving infected USBs around for employees to find and use. There are countless ways to exploit the human weaknesses of your cyber-defence. Employees need to be aware of the risks and how to mitigate them.

There need to be multiple systems in place to protect the business from threats originating from social media. Social media is an emerging platform for phishing attacks, viruses that affect social media feeds, and malicious advertisements disguised as sponsored posts. Make your employees aware of the risks associated with social media so they can act accordingly to protect themselves and your organizational data.

To reduce your organization’s chance of falling victim to social engineering, you need to have policies for the use of technology in place. Those policies should be enforceable and include actionable steps. The rules need to be unambiguous. They need to explicitly outline what is and isn’t allowed regarding technology, to reduce confusion among your employees.

Empower and reward employees.

To ensure you are following best practices regarding cybersecurity, you will need to train your staff to identify and avoid situations that put the organization at risk. Rules and technology policies mean nothing if employees are not aware of them (and following them). By training your team to follow the rules and spot vulnerabilities, your systems will be more secure.

In addition to training all staff to find and avoid security vulnerabilities, you should empower and reward them for finding potential weaknesses in your organization’s defence. By rewarding your employees (either with a cash “bounty” program, or another method), they will feel like a critical part of the organization’s security efforts. Cybersecurity is not solely the concern of IT departments.

How can you ensure that the training and reward system works? By testing and drilling staff to ensure they are following the rules. Testing your team can involve test phishing emails to see whether employees can spot a malicious email. It can include leaving a USB at their desk to see if they use it. There are many ways IT professionals can check to see if non-tech employees are following the required procedures. Let them get creative in designing their tests, as real-life malicious actors almost always act in creative ways that are hard to predict.


The main vulnerability when it comes to a cyberattack is not a piece of technology. The main weakness of any system is people. People can fall victim to social engineering. Attackers can trick your employees into giving up confidential information that could put your business at risk, so be diligent online. Human actions can expose even the most secure digital properties to severe threats.

The three steps explored above will help any organization improve the strength of their cybersecurity. It’s important to be aware of potential threats because once they hit, it may be too late.

How does your business handle the threat of cyberattacks? Do you have a policy in place governing the use of technology in your business? Let us know on Twitter @VeridayHQ or follow us on LinkedIn. In conclusion, cybersecurity is extremely important to businesses. 

“Our review process for advisor websites takes too much time and effort.”


The creation and use of online content is an increasing trend both within the advisor industry and in the general digital marketing world today. When this happens in a regulated industry, you begin to see increasing workloads for your compliance officers, who need to review content to ensure it is in line with regulatory requirements before it gets published (or goes live). Insurance and wealth management marketing departments also need to ensure that the changes advisors make do not fragment or negatively impact their brand.

Many wealth and insurance dealers have challenges keeping up with the volume of content reviews coming at them from their advisors. Slower-than-average review cycles not only directly affect advisor satisfaction but also impact an advisor’s ability to do business. It’s quite the dilemma when you consider the fact that the primary goal of the dealers is, in fact, to support advisor businesses. While there is no silver bullet for this problem, it’s important that your enterprise compliance team have the best possible review tools and business processes to keep review times at a minimum.

If online content review times are a concern to you, there are some key questions to think about as you assess your situation to determine how best to approach and improve the review process:

  • Is your compliance team approving content through email or through an automated tool?
  • Is your audit trail automatically captured or do you need to record information in a separate tool or possibly even in an Excel or other electronic spreadsheet?
  • Is the process used to review content a manual process? Are you receiving website links through an email from your advisors?
  • How are you notified that your content has been submitted? Is this information being transmitted to you from a third party tool or directly from the advisor in an email/telephone?
  • Are you constantly struggling with identifying changes between versions of the same content?
  • Does your organization have a service level agreement for content review times?
  • Do the tools you are using have the ability to track your average review times? Does your technology provider help you monitor and improve these times?

Content review times are typically drawn out due to manual business processes, a lack of awareness or inability to communicate the status of the content review process, or just a shortfall in terms of the technologies compliance officers are using to perform content reviews. As such, your compliance officers have countless hours of reviews to perform beyond what they are currently resourced to do.

We understand these issues and have experience speaking with compliance teams. Moreover, we’re always interested to learn more about the complexity of a compliance officer’s workflow. As mentioned earlier, there’s no silver bullet but there are a number of key changes that can be made to improve your content review times. If you’re in the process of re-thinking your current review processes or looking for a second opinion, get in touch with us.

“I need to show auditors that all published content on our websites has been vetted and approved.”


IDC predicts that financial services IT spending pertaining to risk functions will reach more than $80 billion by 2017. In the world of a regulated industry, this should not come as a big surprise. This effectively indicates that, due to significant investments in business processes and tools, compliance departments will need to be very diligent about tracking and storing all data and information pertaining to everything from trades to email communication to web and social media content. It also indicates an increase in the complexity of these organizations, derived from more people, more processes, and more complex workflows and access rules.

With every compliance group or individual we speak to, it’s clear that audits are a very time-consuming aspect of their work. Making it easy for auditors to find information and effectively do their job in turn makes it easier for compliance to focus on the more important day-to-day tasks. When it comes to website content, the reality is that it should not be hard to work with the auditors on this aspect of their review. If you’re having challenges in this space, here are a few key elements to consider, especially if you’re looking for a way to reduce the amount of time your compliance departments spend with auditors:

  • Does your current platform automate and monitor the auditing and archiving of all web content being submitted by advisors and subsequently reviewed, approved or rejected by compliance?
  • Can you assign granular workflow permissions to specific individuals or groups of advisors?
  • Can you comment on specific workflows and content versions?
  • How do your marketing and compliance teams communicate with your advisors during the review process? Is that communication logged and tracked?
  • Are your pre-approved content libraries access controlled? Can you set permissions on specific pages or digital assets like documents, images and video?

In the world of compliance, you can never have enough governance around your content, and the questions above are just a snapshot of what you need to consider if you’re looking to improve your audit times. If you’ve answered no to any of the above questions, we can help steer you in a direction that makes sense for your organization. Start a conversation with us by filling out the form below, and we can help you with some of the initial thinking around your current processes.