Robin Brown

SEC to Advisors: Improve Cybersecurity Preparedness

View on Barron’s

Financial advisors have more work to do when it comes to protecting their systems from hackers, InvestmentNews reports, citing cybersecurity examination results released this week by the SEC.

“In general, the staff observed increased cybersecurity preparedness since our 2014 Cybersecurity Initiative. However, the staff also observed areas where compliance and oversight could be improved,” the SEC noted in its exam risk alert bulletin.

Advisory firms should more closely adhere to their stated cybersecurity policies, keep current on security patches and correct all vulnerabilities detected, the SEC noted. These observations stem from examinations of 75 firms, including broker-dealers, investment advisers and funds, conducted from September 2015 through June 2016.

Compliance held responsible for due diligence with cloud computing

View on Compliance Reporter

As information technology and data storage continue to move toward cloud computing, the responsibility for compliance and due diligence remains with firms’ chief compliance officers, according to Justin Kapahi, vice president of solutions and security at External IT.

“The responsibilities don’t really change. There was a lot of confusion around this thinking that if you outsource you remove those responsibilities, but the truth is these vendors are still just a partner of the firm,” Kapahi told Compliance Reporter. “It is still their responsibility to make sure they have the right policies, software and that they were working together.”

SEC risk alert calls on advisory industry to do more to shore up cybersecurity

View on InvestmentNews

Financial advisory firms are getting more advice from federal regulators on steps they should be taking to protect their information systems from hackers.

Advisory firms need to do a better job of following their stated cybersecurity policies and they should correct all the vulnerabilities that periodic tests reveal, according to results from a new round of cybersecurity examinations by staff at the Securities and Exchange Commission.

Advisers also need to do a better job of keeping the firm’s security patches up-to-date, the new SEC exam risk alert said. It contained findings from 75 cybersecurity exams of advisory firms, broker dealers and funds conducted from September 2015 through June 2016.

How Advisors can Ensure Client Data is Protected When Working Remotely

View on iris.xyz

Mobile devices have made it possible for financial advisors, and professionals in a wide variety of other industries, to seamlessly conduct business and engage with clients in any location, and at any time, outside the office. But while laptops, iPads, and smartphones have enabled advisors to complete work and collaborate with colleagues and clients from home and on the road, these mobile devices can also increase the risk of security breaches if they are not properly secured and monitored.

One misplaced or stolen mobile device, or password, is all it takes for hackers to access clients’ sensitive financial information. Advisory practices whose data is compromised can face not only regulatory scrutiny and fines, but also permanent damage to their reputations, which could put their very survival in the industry in jeopardy.

However, advisors don’t need to sacrifice convenience for effective cybersecurity. Below are tips that advisors can follow to make sure all data, documents, and emails on their firm-approved mobile devices are secured against hackers.

1. Implement Multi-Factor Authentication & Other Security Controls on All Mobile Devices

Cyber-criminals, along with the technology systems they seek to infiltrate, are becoming more and more sophisticated. So, needless to say, it shouldn’t be easy for them to figure out a mobile device’s password. Unfortunately, hackers are quite crafty, so advisors need to add an extra layer of protection to their firms’ mobile devices by implementing two-factor authentication. When users connect from an unrecognized device, this authentication process requires them to enter their standard password plus a one-time code that can’t be entered again.

Advisors can further secure their firm’s mobile devices by rolling out security controls that enable certain authorized users, as opposed to all practice employees, to access client data. These controls ensure that only select employees can download, copy, forward, or print sensitive information from their devices.

Centennial State Sets Cybersecurity Example

View on Think Advisor

New regulations in Colorado set ‘commodity security’ apart from robust cybersecurity practices

Justin Kapahi, vice president of solutions and security at External IT, is excited about a new set of cybersecurity regulations for financial institutions that were recently passed in Colorado.

The Colorado Division of Securities published final rules in mid-May that compel broker-dealers and investment advisors to establish and maintain written cybersecurity procedures designed to protect clients’ personal confidential information. Those procedures include using secure emails that employ encryption and multifactor authentication practices for employees to access databases, among other things.

Kapahi believes these rules will go a long way toward helping financial advisory firms in Colorado understand how best to protect themselves from hackers. Even if most firms in this industry have in place what Kapahi calls “commodity security” (firewalls and anti-virus protection, for example), many are not truly equipped to counter “socially engineered threats” like spam emails that look innocuous but can result in major database breaches.

How To Ensure Cloud-Based Tech Vendors Are Truly Secure Partners

View on WealthManagement.com

If your firm’s SaaS provider doesn’t follow state-of-the-art security measures, then you are placing your practice and your clients at serious risk.

In our digital age, most wealth management firms have embraced cloud-based — a.k.a. “software as a service” (SaaS) — technology solutions for their practices. But as SaaS applications and platforms continue to overtake traditional licensed software as the tools of choice for the wealth management industry, financial advisors looking to make the transition to the cloud should proceed carefully.

Given the significant repercussions that wealth management firms can face after a data breach, such as loss of clients, regulatory fines and permanent damage to their reputations, they need to perform extensive due diligence on potential SaaS vendors to make sure client data will not be compromised. If your firm’s SaaS provider doesn’t follow state-of-the-art security measures, or if the companies it contracts with are vulnerable, then you are placing your practice and your clients at serious risk.

Cybersecurity looms as adviser business threat

View on InvestmentNews

U.S. officials have warned for many years that cybercrime is one of the greatest threats facing the nation, and now financial advisers have to face the reality that their businesses are also vulnerable to digital attacks.

News headlines regularly carry stories of broker-dealers and advisers increasingly being targeted by sophisticated hackers aiming for clients’ personal information and funds. Wealth managers also are getting more attention from regulators, which are fining financial firms that fail to be mindful of cybersecurity, including all the actions of their employees and third-party partners.

Colorado Raises the Bar in Buyside Cybersecurity

View in FinOps Report

Banks might not be the only financial institutions needing dedicated chief information security officers (CISOs) to oversee and enforce a cybersecurity program.

As FinOps Report goes to press, the Colorado Division of Securities is set to finalize rules which, as of July 15, will make the state the first in the US to require fund managers and broker-dealers to follow a required list of procedures to mitigate the potential for a data breach. Even if the appointment of a CISO is not mandated, fund managers and broker-dealers would have to follow some of the same requirements recently imposed by New York State for banks. Therefore, they would need to pick someone to handle the same responsibilities.

How Wealth Managers Can Identify the Right Cloud Technology

View on Think Advisor

Although cloud computing is fast becoming the norm in IT, many people still have trouble defining “the cloud.” Even among IT experts, the term “cloud” can refer to a wide variety of different technologies that are only connected in a general sense.

This confusion makes it hard for wealth managers to know whether the cloud is secure enough to support their firms’ critical information and workflows. The answer to this question isn’t so much “yes” as “yes, it can be.” Not all clouds are created equal, especially when it comes to management and infrastructure. In order to experience the full benefits of the cloud, wealth managers need to understand which type of cloud solution is the right fit for their practice before they begin the transition process.

Not all Clouds are Equal: Demystifying the ‘Public Vs. Private’ Debate

Is the Cloud Secure Enough to Support a Wealth Management Firm’s Critical Company Information?

Different clouds do different things. As such, choosing the right approach to the cloud can have a significant impact, both short- and long-term, on a wealth management firm’s business.

Ask a wealth management colleague to define “the cloud” and you are likely to get a vague response. Even among IT experts, the term “the cloud” can have different meanings. And despite the fact that cloud computing has become the IT norm, questions about its security remain. The truth is that not all clouds are equal in infrastructure and in management. This white paper is for wealth management professionals who seek to understand “the cloud” and how these technologies can support their overall business goals.
