SANTA CLARA, Calif. – October 18, 2018 – Entreda, an industry-leading developer of integrated cybersecurity software and solutions for the retail wealth management industry, today announced the launch of its Red Flags Safeguard offering, as well as Red Flags Data Theft Insurance. The new offerings have been rolled out specifically to protect independent broker-dealers and registered investment adviser (RIA) firms, as well as their affiliated financial advisors, from Securities and Exchange Commission (SEC) violations driven by identity theft and client data cybersecurity breaches that originate among third-party vendors to firms and advisors.
“Independent firms and their financial advisors rely on third-party vendors every day for a range of back-office and client-facing tasks, from asset management to CRM, with many of these third-party solutions used for storing personally identifiable information on both clients and advisors,” said Sid Yenamandra, Co-Founder and CEO of Entreda. “Unfortunately, when these third-party vendors don’t adequately protect highly sensitive data from cyber-attacks, firms and advisors can potentially face very severe regulatory, financial and reputational damage. We’ve launched our Red Flags Safeguard and Red Flags Data Theft Insurance offering to help firms and their advisors address this significant industry gap, and maximize their ability to manage potential cybersecurity risks from third-party vendors.”
The new offering of solutions evaluates a firm’s risk of data breach through phishing and hack attempts that target the system by way of third-party services, tests how the firm would react to attacks originating at those vendors, and automatically begins corrective measures to prevent users from committing future compliance failures. Entreda’s Red Flags Data Theft cyber insurance offering, which provides comprehensive financial downside protections to firms and advisors in the event of such breaches, can be included as part of the broader suite of Red Flags Safeguard solutions, or purchased on an ‘a la carte’ basis.
Entreda’s Red Flags Safeguard and insurance offering combines the following must-have features for any cybersecurity-ready wealth management firm, encompassing the following:
- Third-party due diligence module identifies and conducts a comprehensive risk assessment of all vendors based on common industry frameworks, validates the vendor responses and CyberRisk-scores the vendors.
- Risk assessments include reviewing the nature of any firm-specific personally identifiable information stored by the vendors and acquiring missing information for crucial forms the vendors should have completed.
- CyberRisk-based Application gateway grants access to a firm’s system to only authorized vendors whose representatives have devices monitored by Entreda’s Unify platform, or those vendors with a strong regulatory and compliance track record.
- Periodic Incident Response tests on users to gauge the firm’s response time and process in real-life phishing or hacker incidents designed to penetrate common vulnerabilities — including impersonations of known vendor representatives as a means of changing passwords.
- Automated playbooks or remediation processes, such as adjusting the CyberRisk Number of the firm and user, logging the event for compliance purposes and giving phishing victims real-time onscreen training to learn best practices.
- Cyber Insurance protects firms against the monetary costs of data breaches and violations of the SEC’s Red Flags Rule by providing a streamlined application process that covers each advisor at a firm and is customized in scope and cost based on the firm’s CyberRisk Number.
Mr. Yenamandra concluded, “When third-party vendors entrusted with confidential client data suffer breaches, the firms and advisors who utilize their services are held to account. The SEC’s Red Flags Rule and recent related actions in our industry underscore how independent RIAs and broker-dealers owe it to themselves, their financial advisors, and their end clients to avoid million-dollar plus penalties by adopting the right technology-driven tools and processes to effectively manage such risks.”