The pandemic prompted a significant shift within the financial services space, yielding a decentralized workforce as professionals moved from the corner office to their home offices. What was believed to be a short-term solution has evolved into the new reality for many businesses. While the change may be welcome in many regards, it creates new vulnerabilities that RIAs have never encountered. Chief among them, a greater risk of cyberattacks. Globally, over 75% of institutions saw an increase in cyber attacks and crime since the pandemic began.
Cybersecurity needs to be a top priority for RIAs. Our team at GVA has been proactively designing a solution that will help advisors in the GVA network safeguard their practices and client data, and we are excited to share more on GVA SecureOffice, a new cybersecurity-focused platform powered through our partnership with Align Managed Services, a leading technology and advisory firm in the investment management industry.
Our Chief Operating Officer James Spinelli recently sat down with Align’s Chief Operating Officer, Vinod Paul, and Managing Director, Cybersecurity and General Counsel, John Araneo to discuss the latest trends in the cybersecurity space and what RIAs need to know to protect their businesses. Here’s what they had to say:
What is GVA SecureOffice and what benefits does it provide GVA advisors?
James: The GVA SecureOffice is a cybersecurity and operational platform designed for our advisors. It provides the proper cybersecurity infrastructure, rooted in the policies and procedures that our firm adheres to. It also provides managed IT services and the office applications and backend structure that they need to run their business. The platform is powered by our third party partners at Align Managed Services. Align is cutting edge in respect to cybersecurity best practices and regulatory policies, and GVA SecureOffice empowers our advisors to focus on their clients while having the peace of mind that their business is properly structured.
How does a single-point solution like GVA SecureOffice yield stronger cybersecurity measures?
James: We feel incredibly confident in the platform as we introduce it to our advisors. GVA has been using the GVA SecureOffice platform internally for over a year. We did this to best understand exactly how it works, its full potential and Align’s role. It will help yield stronger cybersecurity measures because advisors and access users will be on one secure platform with professional oversight on the cybersecurity policies and procedures we put in place for the different offices we are working with.
How will the components of GVA SecureOffice better protect GVA advisors from cyberthreats?
James: We have the best minds on this platform. There is protection from both the technology and knowledge standpoints of who our advisors will interact with at Align and GVA. Those are measures that we put in place to not only protect the advisors, but also their end clients and the personal information they hold.
Vinod: Maintaining a secure environment is a must-have from a compliance, reputational, operational, legal and due diligence standpoint. Cybersecurity is a multi-factor challenge that requires a number of layers of security. These layers are built into the technology platform we have designed for GVA SecureOffice. Aside from the technology piece, we have to ensure users know how to leverage the technology available to them.
James: Education is essential.We have quarterly compliance calls that include an educational component about cybersecurity. In our most recent session, John spoke to our advisors and employees on best practices, what to look for and more.
Vinod: The beauty of the platform is it’s evolving. We don’t just deploy dual-factor authentication and never look at it again. As the threat landscape changes, new technology becomes available that enables us to better protect our clients, and we pass on that industry-specific knowledge to the clients.
Cyber attacks have increased in recent years and have been a heightened concern as more businesses operate in a virtual environment. What do advisors need to know about the current environment for cyberthreats? How can they safeguard against cyber attacks?
John: The world has transitioned from the corner office to the home office, and the necessary protections have evolved. Technologies can accommodate protections at the end-point level. Advisors need to be mindful of this. We are no longer looking to protect just the server room. Instead we now need to safeguard the end-point, the laptop, mobile phone and other parts of a distributed network. Those who are working from home need to make prudent decisions about what has been authorized by the network. The shift to a decentralized workforce has really changed this.
What is new for advisors when it comes to cybersecurity? What changes have been made in 2021 to help better protect RIAs?
James: The applications advisors are using today have gone internet-based. They are no longer installing software on a computer and are logging into their trading platforms, performance reporting platforms, email, etc. Advisors’ work is cloud-based, and these changes open the door to vulnerabilities and have come with the need to enhance the overall platform and tools installed on computers to monitor usage and related activity on individual computers. Align has end-point services that monitor what is going on. It sends information to a centralized source that monitors if someone’s activity is unusual.
Vinod: We put a lot of emphasis on securing your identity. This is leveraged often with single sign-on, dual-factor authentication, a secure Microsoft ID and accessing SaaS-based applications, like portfolio management, banking, institutional services and more. With the decentralized workforce, we worry about the actual end-point, whether it’s in the office, a hotel room or the home, and we look at behavior and leverage artificial intelligence to identify malicious behavior.
John: Cybersecurity Risk Management contemplates balancing many fluid elements simultaneously, new attack vectors, new malware and new protective technologies. As these elements continue to evolve, one thing is constant; advisors simply cannot skimp on the underlying IT infrastructure as the foundation to a meaningful Cybersecurity program. GVA SecureOffice is providing a stronger underlying IT infrastructure advisors need to adequately protect themselves.
Are there any new elements advisors need to consider for a robust cybersecurity policy/plan?
John: In 2020, the SEC made a significant shift in the regulatory landscape by adding mobile security as a unique domain within a model cybersecurity program. As advisors continue to respond to the evolving landscape, the ability to collaborate cohesively and securely is important, and mobile security is a part of this. Mobile security has been a significant and inevitable addition, and is certainly a sign of the times.
We have also seen an increase in regulatory appetite for disaster recovery and business continuity controls. These have been heightened up the ladder on the regulatory landscape.
Why is it so important for advisors to prioritize cybersecurity in today’s environment and to do so using the right partner?
James: In general, everything that every business is doing translates back to some internet base, and they have some information stored in a network environment. Cybersecurity should be your primary concern. You don’t want to simply partner with someone because they are the least expensive or easiest to partner with. You want to partner with a firm who does this day in and day out, specializes in the space and is entirely dedicated to designing and implementing cybersecurity solutions for financial services firms. Consider this: your clients come to you for specific advice for investments. If they come to you with tax questions, you partner with a CPA who can help. The same perspective applies to cybersecurity; you want to use someone who specializes in the space.
Through GVA SecureOffice, we are partnering with Align, who we feel is best in the space, so our advisors can feel comfortable and confident in the platform.
Vinod: The two greatest assets of financial advisors are their labor and employee-base and their intellectual capital. There is a misconception among small advisors that they are “too small” for a hacker to pay attention to them. This is the wrong way to think about things.
Hackers are sophisticated and see it is easier to mine a small organization’s data. Firms like Bank of America, Wells Fargo and other large institutions have layers and layers of protections. Small financial advisors, especially those who are decentralized, may not have as many layers. GVA SecureOffice allows small individual firms to deploy enterprise-level security within their organization.
John: Advisors must address cybersecurity risk management in a meaningful way and too many vendors fail to right-size the appropriate cybersecurity controls for today’s investment managers. The SEC has declared cybersecurity as a top regulatory priority for the last nine consecutive years and ODD firms will not give any managers who lack the required controls a second bite at the allocation apple.
How are advisors missing the mark when it comes to their cybersecurity measures?
John: The biggest mistake advisors make is not taking cybersecurity seriously as a fundamental tenet of their business and failing to properly invest in underlying IT infrastructure. The industry has long tolerated inexpensive IT offerings that provide sub-par networking and IT solutions and we’ve disproved the IT vendors’ “race to the bottom” model in this industry. So the big miss is when the underlying IT structure is not taken seriously enough or isn’t invested in it properly.
Vinod: It is easy to go and try to run IT by yourself. Anyone can go into Microsoft Office 365 and start up an environment. The hard part is configuring it correctly and ensuring you can employ levels of underlying technology features.
Cybersecurity is not a project, but rather a process. You can take a methodical approach to Cybersecurity and employ a reasonable cadence in maturing your cybersecurity program over time.
For more insight on GVA SecureOffice, our partnership with Align Managed Services and the combined benefit for advisors, schedule a call with us.
Technology continues to dominate the conversation around advisor growth strategies, and the ability to leverage it as a growth tool remains an important focus for the future. Technology is my passion, and I have always been keenly focused on its role in helping businesses grow and adapt, as well as its ability to revolutionize how we approach our daily lives.
This has become even more apparent within the last year, as more advisors shifted to remote work and more firms were forced to invest in tech to keep business activities consistent. In fact, the TD Ameritrade RIA Sentiment Survey found that RIAs were investing more in technology than planned because of the pandemic, with 33% of firms upgrading tech capabilities because of the shifting workplace needs.
The last year has opened advisors’ eyes to the role technology plays in their practice and its ability to amplify impact or harness growth. Here at GVA, we have always placed a high priority on technology, leveraging it to improve how we work as a team and with the advisors aligned with us. This focus has been instrumental in our growth and ability to partner with advisors from across the country.
Technology is non-negotiable for sustained growth
While advisors know they must embrace technology in today’s world, it can be difficult to know where to start. I recommend assessing your current tech stack and examining what is working, what is being actively utilized by the team and how your practice is benefiting.
Once you have an idea of your baseline, you can begin shopping for other technology assets. There are two silos of technology: 1) tech you need and 2) tech that can help grow your business. The first category includes the basics, like your custodial platform, CRM system and other specific tools — the technology that helps you run your business efficiently. The second category involves the technology you need to grow and that empowers you to focus on specialties — the tech that gives you the “disruption factor” that will create real change.
Technology should allow you to streamline tasks, establish workflows and work smarter. When used correctly, technology can propel your practice to new heights. If your current technology package is not meeting these goals, it may be time to reevaluate how you are implementing tech into your work.
Leveraging technology for our advisors via open architecture
GVA is 100% technology-driven. We have put a very robust technology structure in place with elements that support growth. We have partnered with Align Cybersecurity to design cybersecurity policies and procedures. We offer Valor Asset Management, a comprehensive and technology-supported asset management platform; as well as AdvisorBOB, our dynamic advisor compensation software. We have worked to customize Salesforce for our team’s benefit, with specialized workflows, processes, automation and more to streamline activities and allow more time for business-building efforts. We are currently building our GVA Gateway, which will function as an intranet for our advisors to connect, share ideas and collaborate, as well as a centralized portal with the resources and tools they need to succeed.
We feel confident that we have the right tools and resources in place, and we have designed an open-architecture structure with our technology, allowing firms who align with us to opt to continue using their preferred technology platforms after joining us. They will gain access to our suite of solutions but it is up to them whether or not they use it. We view this is an excellent opportunity for our advisors to leverage what we have built to whatever extent they desire.
How technology has revolutionized GVA’s approach
Our focus on technology has been intentional and supports our larger approach to working with advisors. Our goal is to help advisors up-level their practices, as well as provide them with the tools and resources they need to grow their firms and meet their long-term objectives.
The technology we have in place is attractive to our advisor partners, but also allows us to collaborate with them in a better and more meaningful way, effectively elevating the conversation from surface-level to an in-depth and actionable discussion. We can quickly view and publish reports and benchmarks against similar advisors, and we have more visibility into our partners’ businesses so we can understand their challenges and trends. This allows us to explore challenges and create solutions in real time, connect them with other advisors who have faced similar challenges and collaborate in a way that makes everyone better. My colleagues and I can give real advice, outlining specific tools that will work for you and more. We are solely focused on helping you grow your business.
As technology becomes more central to our lives, it’s impossible to ignore the implications it can have on your practice. Technology is nothing if you don’t have anyone using it — and doing so to its full potential. We view it as one of the best tools available to meeting your short- and long-term goals and facilitating meaningful connections. For more insight on the technology we employ to improve workflows and empower advisor growth, and how we can help you leverage technology to grow your practice, schedule a call with us. Connect with us on LinkedIn and Facebook for our latest insights and team updates.