Finance Firms and Information Security

Financial Advisors have a unique role in the wellbeing of numerous financial futures. With that role comes a unique set of requirements and many different hats. You have to be a people person, a numbers person, a risk taker, a risk mitigator, and an advocate on behalf of the millions (maybe billions) of dollars that you are responsible for. Your clients have placed an immense amount of trust in you and your organization to grow, safeguard, and manage the wealth of their family and portfolios. In return, they demand trust and transparency. Those two words have been the common theme throughout the 2020 Finovate Digital Conferences, GDPR, CCPA, & FINRA requirements. As our world shifts, the financial services industry has become increasingly responsible for the digital data that is stored on their devices as well as the traffic coming and going from their networks. 

With all the increased pressure to follow the new rules and regulations, operations and compliance professionals are just trying not to pull out their hair. Much like with any Small-Medium sized Business (SMB) in 2020, the financial conditions they find themselves in does not allow any room for uneconomical investments. As a result, information security measures are often left at the minimum requirement for compliance standards. Unfortunately, these minimum requirement achievements do not equate to an actual security posture due to the dynamic environment and diverse threat landscape cybercriminals reside in. If the SMB in question doesn’t see or believe that any damage could occur or believe that the likelihood of a cyber incident arising is both small, then information security funding may not appear above the budgetary cut line. 

The dichotomy of information security solutions available is drastically different for an enterprise or government system vs a SMB. For large enterprises, government agencies and contractors, the effectiveness of the information security solution is directly proportional to the size of the budget that is available. Not the actual monetary value of the information being protected, or the impact of an incident and the losses associated. For large organizations and government, the cost of information security can be greater than the economic risk that is associated with an incident. Until Steel Patriot Partners found a way to address the disparity in the dichotomy of solutions, SMB’s were forced to fend for themselves and still pay compliance fines from the SEC, FINRA, and any other governing body.   

Instead of being a binary compliance model (either good or bad) with an analog process (no checkpoints), we have adopted the mindset of growth and comfortability. We have taken the principles that are mandated for government and large enterprise security solutions and allow SMB’s the same access to the frameworks, standards, policies, and procedures – but for a fraction of the complexity. We do this by incorporating what we call a Maturity Model, this allows a business to ‘grade’ its information security maturity against a scale of progress (0-5.) By changing the structure from a binary to a tiered compliance model, the measure of process maturity shows your business how institutionalized your information security program really is. This also allows SMB’s to allocate resources and progress at a rate that is not only comfortable to them mentally, but economically. RIA’s, PWA’s, & Financial Services will probably never be incentivized to invest in information security the same way large enterprises or government organizations and contractors are. But if information security can be simplified and your compliance officer can find some breathing room – your clients won’t be the only ones to benefit from an enhanced security posture. The entire business will.