RIA Family of Companies

Advisor prep for Data hacks and CyberSecurity Policies

By Cory Roberson, Principal at RIA Review and RIA Consults
On 10/31/17, we discussed tips for reviewing Disaster Recovery measures for your firm.  Now, let’s take a closer look at another possible standard business disruption (SBD):  Data Hacks.

Case Study (Equifax)

Seven Ways for Advisors (or Clients) to shield themselves during a hack

Contact Equifax to determine if you’re at risk.
Buy a credit report.
Purchase a credit monitoring service.
Request Credit Alerts.
Get a security freeze on accounts (prevents new lines of credit).
Change passwords.
Monitor statements.

What does the SEC say about this?

The SEC Office of Compliance Inspections and Examinations (OCIE) implemented a National Examination Program last summer and has posted several observations. The examinations focused on firms’ written policies and procedures regarding cybersecurity, and included validating and testing that those policies and procedures were implemented and followed.


After examining risk assessments, access rights and controls, data loss prevention, vendor management, training, and incident response, the examiners found a few issues that needed work.
The OCIE examiners found that many firms had not installed software patches, many of which included critical security updates. These updates help you make sure your clients’ personal information is protected and not available to folks outside your organization.
Examiners also observed that, although most advisors had policies and procedures in place, these gave employees only general guidance and were vague.


What about State-Registered firms?
According to a NASAA Cybersecurity Report (2017) of more than 1000 State Securities examinations:

4.1% of firms indicated that they experienced a cybersecurity incident.
85% of state registrants use computers, tablets, and/or smartphones.
92% of firms use e-mail to contact clients (only 50% use secure email).
56.7% of firms have procedures to authenticate instructions received from their clients.
62% of firms have conducted a cybersecurity risk assessment.
44% of firms have procedures in place for cybersecurity.
47.5% have procedures for the storage of electronic data.

Conclusion

Firm Cybersecurity Policies should include the following:

Maintenance and an inventory of data, information and vendors.
Detailed cybersecurity-related instructions.
Maintenance of prescriptive schedules and processes for testing data integrity and vulnerabilities.
Established and enforced controls to access data and systems.
Mandatory employee training.
Engaged senior management.









Contact us at: 650-305-2688 or our website at: RIA Review to learn more about Cybersecurity preparation for your firm.




Cory Roberson is Principal of RIA Review, a compliance and document management portal (www.riareview.com) with 110+ users and growing. He is also Principal of RIA Consults (Roberson Consults Group), a consulting firm providing compliance, operations, and business development services for registered investment advisors and next-gen fintech entrepreneurs (www.robersonconsults.com), with more than 160 SEC and state advisor clients across the US (including a few in Europe). Through his mission-driven arm, SoCap Missions, he has volunteered for programs in S. Korea, China, S. Africa, Thailand, and India.





