
Cyber Security is more than an IT Problem

Cyber Security is more than just an IT issue for Financial Firms

Cyber threats in the financial sector can mean a compromise of investor information, exposed trading algorithms, and systematic failures. More and more broker-dealers are realizing that the security of their framework cannot rest solely on the heads of the IT department. When the potential damage to a firm from a cyber attack includes loss of customers, liability for losses, and fines from regulatory authorities, CEOs and compliance officers need to closely monitor their cybersecurity program.

Spending on cybersecurity risks is expected to top $40 billion by 2017. To address issues and add stronger emphasis on cyber threats, FINRA released the “Report CyberSecurity Practices, February 2015”, which outlines areas of risk and steps regulated firms need to take in protecting themselves and investors against threats. FINRA states that cyberthreats include criminals whose objective is to steal money, advance political or national objectives, or disrupt and embarrass a firm. FINRA recognizes that the tools available to hackers have become increasingly sophisticated, while insiders of a firm can also pose a similar threat. It’s time for firm executives to stand up and take a leadership role to protect their company and investors from threats and attacks.

All in all, studies indicate brokerages, banks, and money managers have been lax in certain areas surrounding cybersecurity. However, financial institutions and entities are consistently among the top 3 most often impacted by cyber attacks. What is your firm doing to prevent attacks?

Studies find it costs companies more in the long run to continually have to react to intrusions, when it would be much more efficient to invest resources in detection, prevention, and education. Ensuring IT is up to date on system patches, and educating customers and staff to recognize and report suspicious activity, are easy steps CEOs and compliance officers can take to prevent costly repairs to company data and reputation. Prevention of attacks from outside threats is key to management.

Successful cyber attacks are happening all around

Target 2013 – hackers break into the point-of-sale system. The breach was found to be malware that worked its way in through the third-party software of Target’s heating and air conditioning service provider. The malware siphoned login credentials and gained remote access to Target’s servers. Investigators found the Target IT department was 1 year behind in implementing system patches. Are your system patches up to date?

Phishing Emails – nearly 25% of people who receive phishing emails open them, and 11 percent download or click embedded links. Viruses and malware in these links are then spread from computer to computer through more and more emails and file transfers. Do your customers and staff know how to recognize a phishing attempt?

The 2015 Verizon Enterprise Data Breach Investigations Report indicates that 96% of companies surveyed that had been attacked did not know of the attack until law enforcement notified them. What is your plan to address an attack after it has occurred?

Most firms need more than just IT advice to implement a sound cyber security approach for regulatory needs. At RND Resources, we specialize in working with broker-dealer firms and money managers to implement risk management programs that meet regulatory requirements. We analyze a firm’s cyber weaknesses and structure a practical plan to resist attacks and minimize threats. Our philosophy puts your firm and investors first in compliance and regulatory needs.

Register for our upcoming CyberSecurity and Risk Assessment Seminar in Woodland Hills, CA, June 17, 2015 to learn more about what your firm can do to thwart cyber threats. We’ll be training compliance professionals, CFOs, and CEOs on guidelines and practical approaches to maintaining a sound cybersecurity governance program. Learn the steps you need to know from Dave Banerjee, CPA, as well as Sylvia Scott, J.D., a former FINRA enforcement attorney, members of the FBI Cyber Crimes Unit, and Laxmi Ramanath, founder of Lameera.com Risk Management Software.

RND Resources is a full service compliance and registration support firm for regulated financial companies.  We handle PCAOB audits, risk assessments, assurance services, and FINOP duties for small to mid-size Broker-Dealers, RIAs, Hedge funds, and Money managers. Choose from a full suite of services to suit the needs of your firm. We are a leading securities brokerage support firm and have been here to help since 1985.


Are you protected from Cyber Threats

CyberSecurity – Governance and Risk Management

Recent news stories indicate the corporate world has lost millions, if not billions, of dollars due to outdated or ineffective Cybersecurity infrastructure. At RND Resources, our trained team of Cybersecurity experts strategize closely with our clients to create a cost-effective Cybersecurity governance framework. Designs are created to address risk management policies and structures, while implementing controls to effectively identify and manage security risks.

We provide services to successfully protect Broker-Dealers, Registered Investment Advisors, Hedge Fund Managers, and Family Offices from today’s threats.

The RND Resources Cybersecurity Services include:

  • CyberSecurity Risk Assessment
  • Technical Controls
  • Incident Response Planning
  • Vendor and third-party Information Management
  • Staff Training
  • Cyber Intelligence and Information Sharing
  • Cyber Insurance

Let us help you learn about and navigate the latest industry standards. We’ll answer any questions surrounding Cybersecurity and/or Compliance. We’re here to help you. As a trusted Cybersecurity and Compliance advisor, we can assist you with every level of Cybersecurity and Compliance.

Find more information about our Cybersecurity Compliance services on our website, or contact Tarik Munisoglu at (818) 835 7105 or by email at tarik@finracompliance.com.


The Upcoming SEC and FINRA Cybersecurity Sweeps. Is Your Firm Ready?

Because of all of the sensitive financial information that RIAs, Broker Dealers and Banks keep regarding their clients, internet security has become a major concern for the wealth management industry. As hacking techniques grow more sophisticated, it is hard to tell who could be observing your connection and Internet activity. Due to this cyber-threat, the SEC and FINRA will be conducting cybersecurity sweeps of the wealth management industry to make sure you are up to date and taking the latest precautions to protect your clients.

Why Hackers Target RIAs and Financial Firms

Bank account numbers and social security numbers are not the only things hackers are looking to steal. Many hackers and rogue traders are hijacking trading accounts from financial firms and making unauthorized trades, as well as stealing funds.

How the SEC and FINRA Cybersecurity Sweeps Will Work

The SEC and FINRA are aware of these potential security threats and want the industry to get prepared. They have announced that this year they are planning random sweeps to test the defenses of various firms. If a firm’s cybersecurity is not up to the job, the SEC and FINRA could levy large fines as punishment for the oversight.

The SEC and FINRA will also be checking to see that firms have adequate written policies and measures for cybersecurity, a schedule of periodic tests for weaknesses in the system, and a history of fixing weaknesses in their cybersecurity. If your firm fails in any of these categories, you could be liable for a large fine.

What Your Firm Needs to Do to Prepare

The SEC and FINRA cybersecurity requirements are fairly exhaustive and could catch many firms off guard, especially smaller firms that might not have full-time tech support. If you are worried that you may have a security gap, you could try working with a third party that specializes in this type of compliance. These firms have studied the upcoming requirements and can give you a checklist of the measures you need in place in case of a sweep.

We encourage you to join our free webinar, entitled “Cybersecurity for Financial Services Firms” on July 9th where we will be discussing the procedures you need to get ready. Preparing for the SEC and FINRA cybersecurity sweeps will take some work, but it’s a fraction of the headache of dealing with a serious breach.

Reserve your Webinar seat now at:  https://www1.gotomeeting.com/register/274214880