RND Resources Inc

Investment Firms need a Cyber-secure Corporate Culture

Protecting client and company data from cyber breach should be a critical operations objective for Investment Advisory firms today. The risks reach beyond unsuspected internal hacks to software and servers, while cloud computing adds an additional layer of threat. Making data-protection procedures part of the corporate culture increases the chances of survival in the ever-evolving cyber hack landscape.

 

Attackers use advanced skills and weapons to organize assaults. Long-term cyber attack strategists sneak into systems and gather information for later use. Other criminals look for easy targets where they can steal money and disrupt business, including holding websites and proprietary data for ransom. Financial industry firms are particularly vulnerable to Web-App attacks and DoS (denial of service), as well as Insider threats.

Many RIA firms have not yet become adept at developing sound cyber security tactics. They leave themselves and their clients at risk for sudden loss of information, embarrassment, and unforeseen recovery costs. The first step in creating a cyber security strategy should be a comprehensive evaluation of risk and education on the threats that exist.

Educating Investment firm staff on how to spot cyber threats can go a long way in ensuring against attack. Firms large and small should have a practical guide to inform employees on rules and procedures. Every list should include the basics:

  • Never email sensitive data to clients. Use HTTPS secure portals and encrypted technology to handle exchange of information such as account information, wiring instructions, and passwords. Implement a secret code word with clients to ensure authenticity and verbally confirm transfers.
  • When traveling, use only secure data connections. Free wi-fi access is often a prime opportunity for criminals to gain access to your account data, logins, and passwords. Be aware of your surroundings and be sure to shield your screen from onlookers.
  • Train staff to identify suspicious emails and phishing attempts, and to protect their identity. Require a virus scan and manager approval for downloading attachments. Remind staff to carefully protect confidential personal information on social media sites. Sharing information such as maiden names, middle names, and date of birth presents an easy opportunity for thieves to take over an identity.
  • Require two-step authentication for secure systems. Hackers are known to use advanced algorithms and spyware to crack system passwords. Adding a second layer of protection, such as thumb or hand print validation or authentication images, can stop a threat and identify an attempt for the IT department.
  • Update passwords no less than every 3 months and use different passwords for separate systems. Once hackers discover a password, they will try it across other company systems and portals. Stop them cold by varying log-in IDs and passwords. Create alpha-numeric passwords and include special characters.

Cloud computing adds an additional level of threat to firms, in that firms generally don’t have direct control over the cyber security of their cloud resources. SaaS spending is showing a dramatic growth rate, with cloud computing estimated to reach a worldwide sales volume of $127.5 billion by 2020 according to Forbes. This indicates that the robustness of cyber security going forward will often lie in the hands of those providing cloud resources. However, securities firms and investment advisers are still accountable for using poor judgment in cloud computing arrangements.

Have you tested staff, cloud services, and internal systems to see how they respond to potential threats? Can the staff identify a potentially malicious email or attachment and prevent an attack?

Evaluate the risks

For investment firms, loss due to cyber breach can incur further costs beyond repair, such as fines and sanctions by authorities. RND Resources, Inc. will be covering regulatory guidelines and strategies at our New York compliance round table for RIA compliance officers and firms on June 29, 2015. We’ll be addressing the specific rules investment firms must follow.

RND has expertise in regulatory compliance and is able to assist firms in setting up security controls and in identifying procedures, policies, and standards to maintain data safekeeping.

Contact us to evaluate your cyber-security program, create a procedures checklist, and provide guidance on how to comply with regulatory standards. For quotes call (818) 657-0288.

Are you protected from Cyber Threats

CyberSecurity – Governance and Risk Management

Recent news stories indicate the corporate world has lost millions, if not billions, of dollars due to outdated or ineffective Cybersecurity infrastructure. At RND Resources, our trained team of Cybersecurity experts strategizes closely with our clients to create a cost-effective Cybersecurity governance framework. Designs are created to address risk management policies and structures while implementing controls to effectively identify and manage security risks.

We provide services to successfully protect Broker-Dealers, Registered Investment Advisors, Hedge Fund Managers, and Family Offices from today’s threats.

The RND Resources Cybersecurity Services include:

  • CyberSecurity Risk Assessment
  • Technical Controls
  • Incident Response Planning
  • Vendor and third-party Information Management
  • Staff Training
  • Cyber Intelligence and Information Sharing
  • Cyber Insurance

Let us help you learn about and navigate the latest industry standards. We’ll answer any questions surrounding Cybersecurity and/or Compliance. We’re here to help you. As a trusted Cybersecurity and Compliance advisor, we can assist you with every level of Cybersecurity and Compliance.

Find more information about our Cybersecurity Compliance services on our website, or contact Tarik Munisoglu at (818) 835 7105 or by email at tarik@finracompliance.com.

Download our free Guide to CyberSecurity Planning
