Robin Brown - workplace

Analysis of FINRA 2017 Exam Finding and 2018 Exam Priorities

Posted by Asset Managers Audience Broker-Dealers Family Offices Registered Investment Advisors White Papers No Comments
Our observations about FINRA’s 2017 Exam Findings, 2018 Priorities and their potential relevance for Broker-Dealers

There was no shortage of headline-grabbing cyber-related events in 2017; leaks from Equifax, Verizon and Deloitte as well as the WannaCry ransomware attack. It is clear from reading these FINRA missives that cybersecurity and technology risks continue to consume the financial services community. Cybersecurity is essentially a stand item on FINRA’s annual examination roadmap, and its inclusion again in 2018 further solidifies this conclusion.

 
Download white paper

The cybersecurity problem requires human solutions

Posted by In the News No Comments

In the wake of headline-grabbing hacks like Equifax, experts weigh in on how advisors can step-up their protection.

Despite headlines all month showing the scope of compromised personal information in attacks on Equifax, Yahoo and the SEC, many advisors still aren’t taking cybersecurity seriously.

An examination of more than 1,200 investment advisors by the North American Securities Administrators Association uncovered 698 deficiencies, including no or inadequate cybersecurity insurance, no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, no technology specialist or consultant and a lack of procedures regarding hardware and software updates or upgrades.

Read more at WealthManagement.com

 

SEC hacking underscores the importance of a secure cloud platform

Posted by In the News No Comments

When it rains, it pours. Shortly after the Securities and Exchange Commission (SEC) was the subject of a Government Accountability Office report stating that it must do more to protect its computer systems from cyber-attacks, the regulator announced that its EDGAR network suffered a security breach last year. The SEC originally didn’t believe that anyone’s personal information had been compromised, but later, after a detailed forensic analysis, the regulator discovered that the names, birthdates, and Social Security numbers for two people had indeed been exposed.

This series of events powerfully illustrates the rapid growth and expansion of the cyber threat. Even one of the most powerful federal regulators, responsible for setting and enforcing standards on cybersecurity for financial services firms, finds it challenging to stay one step ahead of cyber-criminals.

I did not write this article to criticize the SEC. The regulator’s staff members deserve praise for their commitment to consistently improving the security of sensitive financial information, and investment firms’ computer systems in general, across the industry. The point I’m making is that if even the SEC can fall victim to hackers, no financial advisory practice or other business, regardless of size, can afford to make light of the cyber threat.

 

Are you doing all you can to protect your data properly?

Posted by Asset Managers Audience Broker-Dealers Family Offices Registered Investment Advisors White Papers No Comments
Dealing with cybersecurity incidents is not a question of ‘if’ but rather ‘when’ it happens

Cybercrime continues to be a very serious problem in the financial industry. The number and sophistication of malicious attacks has increased over the last few years and is not expected to slow down anytime soon. While the latest OCIE alert shows a marked increase in overall cybersecurity preparedness and awareness by advisors and broker-dealers, there are still areas where firms are failing. This white paper details our observations in the field and provides real-world guidance to the security issues advisors and broker-dealers are facing on a daily basis.



Download white paper

Public, private, or hybrid: which cloud is right for your practice?

Posted by In the News No Comments

The type of cloud computing solution you choose must be the one that best aligns with your practice’s clients, resources, expertise, business model and goals

As more wealth management firms trade in their licensed software for cloud-based digital technology solutions, those that haven’t made the switch are understandably eager to find out more about the cloud and the benefits it can provide.

However, before beginning due diligence on providers of cloud-based solutions, they need to first understand which type of cloud is the right one for them. Even among IT experts, the term “cloud” can mean different things to different people. The cloud isn’t just “the cloud”. There are public, private and hybrid clouds, and they work in different ways. RIAs and broker dealers have to identify which cloud is the right choice for their individual practice at the start of the process.

SEC to advisors: improve cybersecurity preparedness

Posted by In the News No Comments

Financial advisors have more work to do when it comes to protecting their systems from hackers, InvestmentNews reports, citing cybersecurity examination results released this week by the SEC.

“In general, the staff observed increased cybersecurity preparedness since our 2014 Cybersecurity Initiative. However, the staff also observed areas where compliance and oversight could be improved,” the SEC noted in its exam risk alert bulletin.

Advisory firms should more closely adhere to their stated cybersecurity policies, keep current on security patches and correct all vulnerabilities detected, the SEC noted. These observations stem from examinations of 75 firms, including broker-dealers, investment advisers and funds conducted from September 2015 through June 2016.

Read more at Barron’s

How Advisors can Ensure Client Data is Protected When Working Remotely

Posted by In the News No Comments

View on iris.xyz

Mobile devices have made it possible for financial advisors, and professionals in a wide variety of other industries, to seamlessly conduct business and engage with clients in any location, and at any time, outside the office. But while laptops, iPads, and smartphones have enabled advisors to complete work and collaborate with colleagues and clients from home and on the road, these mobile devices can also increase the risk of security breaches if they are not properly secured and monitored.

One misplaced or stolen mobile device, or password, is all it takes for hackers to access clients’ sensitive financial information. Advisory practices whose data is compromised can not only face regulatory scrutiny and fines, but also permanent damage to their reputations which could put their very survival in the industry in jeopardy.

However, advisors don’t need to sacrifice convenience for effective cybersecurity. Below are tips that advisors can follow to make sure all data, documents, and emails on their firm-approved mobile devices are secured against hackers.

1. Implement Multi-Factor Authentication & Other Security Controls on All Mobile Devices

Cyber-criminals, along with the technology systems they seek to infiltrate, are becoming more and more sophisticated. So, needless to say, it shouldn’t be easy for them to figure out a mobile device’s password. Unfortunately, hackers are quite crafty, so advisors need to add an extra layer of protection to their firms’ mobile devices by implementing two-factor authentication. This authentication process requires users to enter a standard password in addition to a one-time code that can’t be entered again when they connect from unrecognizable devices.

Advisors can further secure their firm’s mobile devices by rolling out security controls that enable certain authorized users, as opposed to all practice employees, to access client data. These controls ensure that only select employees can download, copy, forward, or print sensitive information from their devices.

Centennial State Sets Cybersecurity Example

Posted by In the News Think Advisor No Comments

View on Think Advisor

New regulations in Colorado set ‘commodity security’ apart from robust cybersecurity practices

Justin Kapahi, vice president of solutions and security at Workplace, is excited about a new set of cybersecurity regulations for financial institutions that were recently passed in Colorado.

The Colorado Division of Securities published final rules in mid-May that compel broker-dealers and investment advisors to establish and maintain written cybersecurity procedures designed to protect clients’ personal confidential information. Those procedures include using secure emails that employ encryption and multifactor authentication practices for employees to access databases, among other things.

Kapahi believes these rules will go a long way toward helping financial advisory firms in Colorado understand how best to protect themselves from hackers. Even if most firms in this industry have in place what Kapahi calls “commodity security” (firewalls and anti-virus protection, for example), many are not truly equipped to counter “socially engineered threats” like spam emails that look innocuous but can result in major database breaches.

How To Ensure Cloud-Based Tech Vendors Are Truly Secure Partners

Posted by In the News No Comments

View on WealthManagement.com

If your firm’s SaaS provider doesn’t follow state-of-the-art security measures, then you are placing your practice and your clients at serious risk.

In our digital age, most wealth management firms have embraced cloud-based — a.k.a. “software as a service” (SaaS) — technology solutions for their practices. But as SaaS applications and platforms continue to overtake traditional licensed software as the tools of choice for the wealth management industry, financial advisors looking to make the transition to the cloud should proceed carefully.

Given the significant repercussions that wealth management firms can face after a data breach, such as loss of clients, regulatory fines and permanent damage to their reputations, they need to perform extensive due diligence on potential SaaS vendors to make sure client data will not be compromised. If your firm’s SaaS provider doesn’t follow state-of-the-art security measures, or if the companies it contracts with are vulnerable, then you are placing your practice and your clients at serious risk.

Cybersecurity looms as adviser business threat

Posted by In the News No Comments

View on InvestmentNews

U.S. officials have warned for many years that cybercrime is one of the greatest threats facing the nation, and now financial advisers have to face the reality that their businesses are also vulnerable to digital attacks.

News headlines regularly carry stories of broker-dealers and advisers increasingly being targeted by sophisticated hackers aiming for clients’ personal information and funds. Wealth managers also are getting more attention from regulators, which are fining financial firms that fail to be mindful of cybersecurity, including all the actions of their employees and third-party partners.

Article from InvestmentNews

Ready to take a test drive?

Contact Us