In the News

The Cybersecurity Problem Requires Human Solutions

Posted by In the News No Comments

View on WealthManagement.com
In the wake of headline-grabbing hacks like Equifax, experts weigh in on how advisors can step up their protection.

Despite headlines all month showing the scope of compromised personal information in attacks on Equifax, Yahoo and the SEC, many advisors still aren’t taking cybersecurity seriously.

An examination of more than 1,200 investment advisors by the North American Securities Administrators Association uncovered 698 deficiencies, including no or inadequate cybersecurity insurance, no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, no technology specialist or consultant and a lack of procedures regarding hardware and software updates or upgrades.


SEC Hacking Underscores the Importance of a Secure Cloud Platform

View on iris.xyz

When it rains, it pours. Shortly after the Securities and Exchange Commission (SEC) was the subject of a Government Accountability Office report stating that it must do more to protect its computer systems from cyber-attacks, the regulator announced that its EDGAR network suffered a security breach last year. The SEC originally didn’t believe that anyone’s personal information had been compromised, but later, after a detailed forensic analysis, the regulator discovered that the names, birthdates, and Social Security numbers for two people had indeed been exposed.

This series of events powerfully illustrates the rapid growth and expansion of the cyber threat. Even one of the most powerful federal regulators, responsible for setting and enforcing standards on cybersecurity for financial services firms, finds it challenging to stay one step ahead of cyber-criminals.

I did not write this article to criticize the SEC. The regulator’s staff members deserve praise for their commitment to consistently improving the security of sensitive financial information, and investment firms’ computer systems in general, across the industry. The point I’m making is that if even the SEC can fall victim to hackers, no financial advisory practice or other business, regardless of size, can afford to make light of the cyber threat.

In fact, small businesses are at higher risk of a security breach than their larger counterparts. Half of all businesses with 250 or fewer employees have been targets of cyber-attacks, according to the National Small Business Administration, and as Experian has reported, 55 percent of small businesses close up shop within six months of experiencing a security breach.

 

Public, Private, or Hybrid: Which Cloud is Right for Your Practice?

View on WealthManagement.com

The type of cloud computing solution you choose must be the one that best aligns with your practice’s clients, resources, expertise, business model and goals.

As more wealth management firms trade in their licensed software for cloud-based digital technology solutions, those that haven’t made the switch are understandably eager to find out more about the cloud and the benefits it can provide.

However, before beginning due diligence on providers of cloud-based solutions, they need to first understand which type of cloud is the right one for them. Even among IT experts, the term “cloud” can mean different things to different people. The cloud isn’t just “the cloud”—there are public, private and hybrid clouds, and they work in different ways. RIAs and broker-dealers have to identify which cloud is the right choice for their individual practice at the start of the process.

SEC to Advisors: Improve Cybersecurity Preparedness

View on Barron’s

Financial advisors have more work to do when it comes to protecting their systems from hackers, InvestmentNews reports, citing cybersecurity examination results released this week by the SEC.

“In general, the staff observed increased cybersecurity preparedness since our 2014 Cybersecurity Initiative. However, the staff also observed areas where compliance and oversight could be improved,” the SEC noted in its exam risk alert bulletin.

Advisory firms should more closely adhere to their stated cybersecurity policies, keep current on security patches and correct all vulnerabilities detected, the SEC noted. These observations stem from examinations of 75 firms, including broker-dealers, investment advisers and funds, conducted from September 2015 through June 2016.

Compliance held responsible for due diligence with cloud computing

View on Compliance Reporter

As information technology and data storage continue to move further toward cloud computing, the responsibility for compliance and due diligence remains with firms’ chief compliance officers, according to Justin Kapahi, Vice President of Solutions and Security at External IT.

“The responsibilities don’t really change. There was a lot of confusion around this thinking that if you outsource you remove those responsibilities, but the truth is these vendors are still just a partner of the firm,” Kapahi told Compliance Reporter. “It is still their responsibility to make sure they have the right policies, software and that they were working together.”

Article from InvestmentNews

SEC risk alert calls on advisory industry to do more to shore up cybersecurity

View on InvestmentNews

Financial advisory firms are getting more advice from federal regulators on steps they should be taking to protect their information systems from hackers.

Advisory firms need to do a better job of following their stated cybersecurity policies and they should correct all the vulnerabilities that periodic tests reveal, according to results from a new round of cybersecurity examinations by staff at the Securities and Exchange Commission.

Advisers also need to do a better job of keeping the firm’s security patches up to date, the new SEC exam risk alert said. It contained findings from 75 cybersecurity exams of advisory firms, broker-dealers and funds conducted from September 2015 through June 2016.

How Advisors can Ensure Client Data is Protected When Working Remotely

View on iris.xyz

Mobile devices have made it possible for financial advisors, and professionals in a wide variety of other industries, to seamlessly conduct business and engage with clients in any location, and at any time, outside the office. But while laptops, iPads, and smartphones have enabled advisors to complete work and collaborate with colleagues and clients from home and on the road, these mobile devices can also increase the risk of security breaches if they are not properly secured and monitored.

One misplaced or stolen mobile device, or password, is all it takes for hackers to access clients’ sensitive financial information. Advisory practices whose data is compromised can face not only regulatory scrutiny and fines, but also permanent damage to their reputations, which could put their very survival in the industry in jeopardy.

However, advisors don’t need to sacrifice convenience for effective cybersecurity. Below are tips that advisors can follow to make sure all data, documents, and emails on their firm-approved mobile devices are secured against hackers.

1. Implement Multi-Factor Authentication & Other Security Controls on All Mobile Devices

Cyber-criminals, along with the technology systems they seek to infiltrate, are becoming more and more sophisticated. So, needless to say, it shouldn’t be easy for them to figure out a mobile device’s password. Unfortunately, hackers are quite crafty, so advisors need to add an extra layer of protection to their firms’ mobile devices by implementing two-factor authentication. This authentication process requires users who connect from unrecognized devices to enter a standard password in addition to a one-time code that can’t be entered again.

Advisors can further secure their firm’s mobile devices by rolling out security controls that enable certain authorized users, as opposed to all practice employees, to access client data. These controls ensure that only select employees can download, copy, forward, or print sensitive information from their devices.

Centennial State Sets Cybersecurity Example

View on Think Advisor

New regulations in Colorado set ‘commodity security’ apart from robust cybersecurity practices

Justin Kapahi, vice president of solutions and security at External IT, is excited about a new set of cybersecurity regulations for financial institutions that were recently passed in Colorado.

The Colorado Division of Securities published final rules in mid-May that compel broker-dealers and investment advisors to establish and maintain written cybersecurity procedures designed to protect clients’ personal confidential information. Those procedures include using secure emails that employ encryption and multifactor authentication practices for employees to access databases, among other things.

Kapahi believes these rules will go a long way toward helping financial advisory firms in Colorado understand how best to protect themselves from hackers. Even if most firms in this industry have in place what Kapahi calls “commodity security” (firewalls and anti-virus protection, for example), many are not truly equipped to counter “socially engineered threats” like spam emails that look innocuous but can result in major database breaches.