Posts

Solving Cybersecurity on-demand webinar

On-demand webinarWe get it. As executives and IT professionals, you are busy. To that end, we are debuting a new series of short on-demand webinars intended to answer the most commonplace requests we receive. These webinars are designed to connect your firm’s real-world problems with the solutions that address them. They are short and available on your timetable—no signing up for a scheduled webinar and then missing it because you get pulled into a meeting!

The first video is for financial services firms needing guidance on strengthening cybersecurity readiness and compliance response.

Better understand how to effectively respond to the moving target of the twin challenges of cybersecurity and compliance with our free on-demand webinar.

This short compliance and cybersecurity webinar focuses on the following topics:

  • IT Pillars of compliance
  • Cybersecurity priorities for SEC compliance
  • Tips on how to improve cyber readiness and meet compliance
  • And more!

→ Sign up here to watch the webinar.

On-demand webinar

CISA alert

Critical Cyber Threats - CISAYesterday, the Cybersecurity Infrastructure & Security Agency (CISA), the federal agency charged with protecting the nation’s cyber infrastructure, released a notice from the National Cyber Awareness System. Based on recent malicious cyber incidents in Ukraine, CISA urges organizations across all sectors and of any size to be on alert for malicious cyber activity. The agency also provided a checklist of actions to take immediately.

To reduce the likelihood of destructive cyber intrusions, CISA recommends that business leaders immediately:

  1. Institute multi-factor authentication
  2. Ensure that software is up to date
  3. Disable all ports and protocols that are not essential for business purposes
  4. Review and implement strong controls for cloud services
  5. Conduct vulnerability scanning

CISA also advises that organizations take the following steps to detect potential intrusions:

  1. Identify and assess unusual network behavior. Enable logging to investigate issues better.
  2. Protect networks with antivirus and antimalware software and that these tools are up to date.
  3. Closely monitor traffic and review access controls if dealing with Ukrainian organizations

Additional recommendations can be found at CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

If your organization requires assistance with implementing these and other cybersecurity initiatives, reach out to our security experts.

 

FINRA Rule 4370

FINRA Rule 4370

The Financial Industry Regulatory Authority (FINRA) recently announced the completion of the review process for FINRA Rule 4370 and upholds the Rule as it currently stands. The agency put the Business Continuity Plan (BCP) Rule 4370 into place to ensure continuity of operations for broker-dealer firms following a disruption or disaster. FINRA based its decision to keep 4370 intact on the recently completed BCP Rule and Pandemic Review, both of which highlight the benefits of the Rule.

The FINRA BCP Rule requires broker-dealers to maintain continuity plans designed to ensure their ability to resume business operations after an interruption or in the event of a disaster. Regulatory Notice 21-44 provides clarification of FINRA’s compliance obligations for broker-dealers waiting to see where the agency would land regarding updating or maintaining the Rule.

Background on Rule 4370

In early 2019, announced a review of the Rule to determine its effectiveness and viability. In addition, the agency considered the costs, risks, and benefits associated with developing, maintaining, and implementing BCPs against not utilizing them.

According to FINRA’s announcement, stakeholders reported that Rule 4370 was working as intended. FINRA observed that the Rule’s “flexible, non-prescriptive, and risk-based approach has been effective in ensuring firms of all sizes are prepared for potential business disruptions.”

Additionally, during the early stages of the pandemic, FINRA also published Regulatory Notice 20-08, which recommended that member firms review their plans for pandemic preparedness.

What Does This Mean For Your Firm?

FINRA has made it clear that firms should continue developing and maintaining plans according to Rule 4370. However, the agency will not be providing specific guidance; firms are on their own when it comes to fulfilling the requirements for compliance.

What Are the Next Steps?

New and established brokerage firms will need to evaluate their status regarding Rule 4370 to guarantee compliance and that they are operating with an effective BCP. However, a BCP alone is not enough to ensure continuity.

For firms looking to assess their disaster readiness and compliance, there are six critical components of a BCP that will be there when you need it.

    1. Establish or Evaluate Existing BCP
    2. Test BCP
    3. Validate Vendor Readiness to Support BCP
    4. Ensure Remote Access for Essential Personnel
    5. Educate Personnel and Conduct Training
    6. Routinely Repeat this Process

By following these steps, your firm will be prepared for potential business disruptions and remain compliant. Of course, there is more involved in each of these steps. For more granularity, read our post, Business Continuity Checklist for Financial Services Firms, which outlines just how to assure operational continuity and data protection.

Coretelligent is here to help your firm navigate the details in developing and maintaining a business continuity plan. We can also assist with incorporating it into your IT strategy, cybersecurity solutions, and compliance reporting. As an MSP with considerable experience within the financial services industry, Coretelligent understands the regulatory imperatives required of you and your business. That is one of the main benefits of working with an IT partner with deep industry knowledge and expertise.

Reach out and we will work with your IT and compliance teams to review your BCP and develop a roadmap to make sure your firm is secure.

How to Effectively Assess Enterprise Backup Solutions?Disasters and cyber-attacks happen, but data loss does not have to be inevitable. Data loss can be avoided or mitigated with a robust backup and disaster recovery solution (BDR). Surviving a catastrophic data loss event depends on choosing the right BDR solution. But you need to understand the critical components in order to successfully evaluate enterprise backup solutions.

What is BDR?

Comprehensive BDR solutions offer recovery options for various data loss scenarios. Determining the correct solution is a deliberate and tactical process that evaluates business data, applications, operations, and risk exposure.

Solutions often include a hybrid of daily backups and more frequent replication of virtual servers to a secondary storage site for rapid recovery. They may also include cloud-to-cloud (C2C) backup, especially for companies that use SaaS applications like Microsoft365. Daily backups provide long-term recovery capabilities. While backup replication allows for the rapid failover of business operations to a disaster recovery (DR) site.

At this point, it’s important to point out the pitfall of relying on a primary cloud provider as a backup source for your data. Several of the larger cloud services note that they are not responsible for maintaining the integrity of data stored on their systems. Instead, it is critical to choose a BDR partner with an appropriate backup and disaster recovery solution. A true BDR solution involves more than just having a second copy of your data. A BDR process ensures that your data is redundant, accessible, and viable.

What Does a Secure BDR Solution Encompass?

Every company has its own set of data recovery requirements. Therefore, recovery point objectives (RPOs) and recovery time objectives (RTOs) will vary. RPOs identify how often data should be backed up or replicated. In contrast, a RTO describes how quickly data can be recovered.

Furthermore, regulatory or compliance standards must be evaluated to see whether they have any consequences for data security. For example, financial services and life science companies are subject to stringent rules regarding the protection of digital assets.

Another necessary element in a data backup and disaster recovery strategy is developing and documenting a BDR plan. A BDR plan includes procedures for recovering data and systems, testing and validation methods, and identifying essential recovery personnel. This plan is crucial to ensure business continuity.

A final must-have component for any BDR plan is testing the recovery process regularly. Any difficulties or failures discovered throughout the testing process can be recorded and analyzed for modifications to the BDR strategy. In addition, test laboratories can be set up within a “sandbox” environment to minimize disruption to the manufacturing environment.


The ABCs of BDR WhitepaperWhite Paper Download

The ABCs of Backup and Disaster Recovery (BDR)

This white paper explains how data loss occurs, how backup and disaster recovery (BDR) works and helps you understand what to plan for and how to evaluate your BDR solution.

Three Core Principles

Whatever your BDR strategy entails, it should provide the core values of scalability, reliability, and resiliency.

  • Scalable BDR solutions expand as your business grows without exceptional effort by your team.
  • Whether on-premise or a cloud backup, a reliable solution is fully redundant and accessible from any physical location.
  • Resiliency requires protecting data from ransomware attacks and other threats.

Advanced recovery solutions take a multi-pronged approach in managing risk, including a dedicated team of professionals available for client support.

A Trusted BDR Partner

CoreBDR, Coretelligent’s fully managed backup and disaster recovery solution, meets the data protection requirements of the digital enterprise. CoreBDR offers secure, high-performance, cloud-based backup and restoration to deliver operational resiliency to your organization. CoreBDR is available for organizations with on-premise infrastructure and cloud environments and can be customized to fit your business operations. Our expert team has deep experience delivering to clients of all sizes in financial services, life sciences, and other industries.

Emerging Threats Signal More Trouble for Financial Services Cybersecurity

Hedge funds, private equity companies, venture capital, and other financial services firms are prime targets for cyber criminals seeking to compromise data-rich institutions. Additionally, as keepers of valuable personal identifiable information (PII) and propriety data, the financial services sector is subject to increasing regulatory requirements as the cybersecurity threat landscape expands.

While financial firms have been highly motivated to make significant investments in cyber security, the need for risk management is only deepening from persistent threats. The Robinhood data breach is a recent reminder of the danger and the ease with which threat actors can gain access to networks. With over seven million customers affected, the Robinhood breach is the largest in history.

According to representatives from Robinhood, the cyber attack, which began with a social engineering exploit, has been contained and did not include social security numbers or account details. But what about the next time? What if the PII from over seven million customers found its way for sale on the dark web? The cascading consequences are staggering to contemplate.

“Financial services companies are incredibly popular targets because there are always new customers feeding the demand for personal and financial data to sell or use as leverage,” shares Chris Messer, CTO at Coretelligent. “Whether criminals are targeting your customers’ data to directly exploit, sell on the Dark Web, or to hold for ransom, the potential fallout for impacted clients and the financial and reputational risk to your business is extreme.”

There are more than a few emerging cyber threats that have security teams on edge. For example, the development of AI that can write better spearphishing emails than humans has staggering implications considering how many data breaches begin as phishing attacks. And don’t forget that phishing attacks are up by 22% in 2021.

In addition, AI-powered malware is a concern since it can target particular endpoints, making it more effective and profitable for hackers to cripple critical infrastructure and steal data with disruptive attacks. Finally, smishing incidents (like phishing, but via SMS) are also likely to increase in severity as attackers capitalize on a workforce that is increasingly doing business via their smartphones.

Multi-layered Approach to Information Security for Financial Service Organizations

Since businesses within the financial services industry are already required to have certain protections in place, it’s tempting to think that your organization is secure. But, unfortunately, between the increase in frequency and the changing nature of attacks—combined with the ever-changing compliance response—your cybersecurity implementation is not one-and-done. Instead, to keep up, a robust cybersecurity posture requires constant monitoring, continuing education of employees, periodic vulnerability assessments, regular penetration testing, and expert threat intelligence.

Coretelligent recommends implementing overlapping layers of security called defense-in-depth to protect your organization fully from ransomware attacks and other cyber incidents. These individual layers should include everything from easy-to-implement practices to complex security tools to defend your financial services organization. This defense-in-depth infographic highlights the cybersecurity strategy and best practices that Coretelligent employs for continuous multi-layered protection. These include next-generation firewalls, endpoint security, patch management and security updates, access management policies, advanced spam filtering, and much more.

Defense-in-depth

Coretelligent’s Multi-layered Cybersecurity Solution

Are you looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help assess your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your firm determine its current cyber risk exposure and readiness for critical event management.

After completing the checklist, reach out to learn more about how Coretelligent can help to strengthen your cybersecurity posture now and into the future.

Life Sciences Industry Innovation is Where Business & Technology Intersect

Life Sciences Industry Innovation is Where Business & Technology IntersectThe life sciences industry is experiencing a period of rapid growth. Not only does the sector produce life-saving and life-enhancing treatments, but it is fueling investment across the globe. For example, 78 startups went public in 2020 in the biotech sphere, representing a 77% increase from the previous year. Meanwhile, the first half of 2021 has already seen 62 biopharma companies progress to IPO status. With the increased demand for innovative drugs, medical devices, and other therapies in the wake of the ongoing COVID-19 pandemic and vaccine development, various trends within the industry (like changes to clinical trials), and increased levels of investment, 2021 is shaping up to be a big year for the sector.

Innovation is the driver of the current expansion within the life sciences market. However, the key to maximizing this ROI, or Return on Innovation, requires that business and technology synchronize. This imperative calls for a carefully planned IT roadmap that enables companies to achieve a competitive advantage and improve business outcomes throughout the development, startup, growth, and expansion stages.

To help executives better understand the timeline, Coretelligent has developed a chart outlining the technology and business needs of the life sciences ecosystem throughout their life cycle. Download our datasheet Innovation is Where Business & Technology Intersect outlining how to plan your company’s IT strategy as you move through funding phases.


To dive deeper, download our data sheet → Innovation is Where Business & Technology Intersect.


In an earlier post, we shared some of the IT challenges faced by early-stage life sciences organizations. With this post, let’s take a deeper look at later-stage companies and what their IT strategy should be focused on as they scale.

What are the main IT priorities of life science firms as they move into their growth and expansion stages?

 

→ Employ technology for data management

As biotech, biopharma, and other life science enterprises grow, managing data increases in scale and complexity. As a result, cloud-based solutions and SaaS applications must align to ensure that enterprise data is available, usable, consistent, reliable, and secure. Employing the right technology solutions, including cloud-based services, backup and recovery, and others that store, manage, and protect data are critical at this stage.

→ Leverage technology to drive innovation

Not only has innovation come to the life sciences space, but it’s also bringing emerging technological trends with it. Advances in Artificial Intelligence (AI), Robotic Process Automation (RBA), Machine Learning (ML), Cloud/Big Data, and other developing technologies are evolving as disrupters to the sector. Successful life science companies will envision how to capitalize on these tools.

→ Optimize technology to grow operations

Even as innovative technology trends shift the landscape, IT becomes more integral to the core business operations as companies scale. While some may be using a managed IT model, most companies likely employ co-managed solutions during the later stages. A co-managed service provider empowers internal IT staff to drive technology delivery at scale and focus on strategic priorities. A technology partner can lighten the load by fulfilling tech support, plug critical skill gaps, and complement in-house capabilities with specialized technology services.

→ Utilize technology to ensure security and compliance

As a life science firm grows, compliance requirements increase in size and scope. At the same time, these companies have become more attractive targets for cybercriminals. As a result, life science firms must prioritize implementing robust cybersecurity tools and compliance processes to keep pace with evolving regulations while protecting sensitive data from bad actors.


Related Content → GxP and FDA 21 CFR Part 11 Compliance with Egnyte for Life Sciences.


Developing IT Growth Strategy for the Life Sciences Industry

The life sciences industry is booming, and the future looks even brighter. But the key to success involves more than just innovation—effective growth also depends on how well your life sciences company can leverage IT capabilities throughout your life cycle. In building out an effective IT strategy for startups, begin by understanding where your organization stands today, followed by preparing for those IT areas that will require digital transformation. Furthermore, leveraging new technologies like AI, RPA, ML, and Big Data, can help accelerate your progress and open up new opportunities in the journey towards achieving your goals.

To sum up, you need to understand what’s possible before embarking on any journey. By taking stock of current practices, planning ahead, prioritizing initiatives based on pain points, incorporating new technologies, and teaming up with a technology partner, you’ll be well-positioned to meet future growth. Coretelligent is an industry leader with extensive experience in the life sciences sector. To learn more about how Coretelligent can help your company successfully scale so that growth doesn’t stifle innovation, talk to one of our technology experts today.

SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?

SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?In late August of 2021, the SEC sanctioned eight financial services firms in three separate actions for security compliance failures. The SEC contends that the firms failed to establish and implement adequate cybersecurity policies and procedures. The SEC charged Cetera Entities, Cambridge, and KMS with violating Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which protects confidential customer information. According to the SEC, the failures “resulted in email account takeovers exposing the personal information of thousands of customers and clients.” The firms settled and agreed to pay $750,000 in fines.

The SEC’s enforcement actions against these companies should be a reminder of how crucial it is to have an effective cybersecurity program in place at your financial services firm. Security processes designed to prevent unauthorized access, malware, phishing, viruses, ransomware, and other malicious threats will both protect your firm from criminals and fines, penalties, and lawsuits.

What’s at Stake?

Cybersecurity incidents involving breaches of personally identifiable information—like social security numbers, credit card details, and bank accounts—can cause significant damage to a firm’s business reputation. Furthermore, your firm may face fines, lawsuits, regulatory investigations, and even legal liability. In addition, remediation costs, including lost revenues, damages, penalties, and settlements, are also likely. A typical data breach costs companies $4.24 million per incident, according to a July 2021 report from IBM.

The SEC Means Business

It seems that the current landscape of ransomware and other cyber threats has spurred the SEC to take a more aggressive stance against security compliance deficiencies. As a result, this summer has seen additional enforcement actions from the body. In June, the SEC charged First American Financial Corporation and later Pearson for similar exposures of sensitive customer data. This indicates that the SEC is moving to heighten its enforcement of cybersecurity rules and disclosure procedures amongst public companies. Key areas of focus in the recent sanctions have focused on:

    • Failure to implement and adopt widely accepted cybersecurity best practices.
    • Insufficient timely disclosures of lapses when they were identified
    • Inadequate and misleading language in breach notifications to clients and regulators about incidents

“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit about the August announcement. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”


Related Content → What You Need to Know About Cybersecurity and Compliance for Financial Services Companies


Safeguard Your Financial Services Firm from Security Compliance Errors

This increased enforcement should serve as a wake-up call to financial institutions: Senior executives must better safeguard the personal information entrusted to them by consumers.

Accordingly, Coretelligent recommends that all financial advisors, brokers, and investment firms review their current cybersecurity vulnerability and compliance programs and consider implementing additional defenses to protect client information.

So, let’s start with some basics. What do the SEC security requirements include? Here are just some of the key elements that financial service firms can apply for strengthening their cybersecurity safeguards.

    1. Implementing and maintaining comprehensive written policies regarding cybersecurity
    2. Establishing and regularly testing computer network defenses
    3. Developing and executing a risk assessment plan
    4. Training employees about cybersecurity risks
    5. Ensuring that usernames and passwords used by employees comply with industry standards
    6. Implementing multi-factor authentication
    7. Monitoring network traffic for suspicious activity
    8. Notifying regulators promptly after discovering a breach.

At Coretelligent, our security and compliance solutions are designed with the needs of financial services organizations in mind. When you work with Coretelligent, you are gaining an IT partner who truly understands the security compliance needs of the financial services sector. Free your team to innovate at scale while we provide your financial services company with the solutions to protect against cyberattacks and fines from data breaches.  Contact us today at 855-841-5888 or fill out our online form to receive a quick return call.

 

Businessman pointing arrow moving up growing business growth. Concept of corporate success

From operational processes to security challenges and regulatory uncertainty, the financial services sector has been taking a beating in the digital world. Whether you are interested in scaling vertically or horizontally, simply maintaining secure document management and compliant levels of access for employees can be difficult. Managing complex financial services workflows and meticulous processes requires intensely powerful technology, which can be more expensive than financial services firms can afford and still fuel growth engines. With the rise of platforms and partners dedicated to the digital needs of financial services firms, it is more important than ever to fully vet the security and compliance levels of your systems while forging ahead with digital transformation.

Safely Taking Advantage of the Benefits of Cloud

In many ways, cloud computing has paved the way for financial services firms to envision new ways of doing business that are faster, more automated, more compliant and more secure. Managing the huge amounts of data inherent in financial services has caused many firms to shy away from privately hosted or aggregated data centers and move exclusively to the cloud. While the cost-savings can be significant with this shift, the instant scalability of cloud computing is what has been most seductive. The variability of transaction rates over time allows for faster scaling and better control over the consistency of transactions. Even with all the benefits, not all cloud storage and transactions are the same as the security of your cloud partner could be the chink in your armor that cybercriminals are hoping to exploit.

The Rising Importance of RegTech

There was FinTech, and now RegTech: the technology utilized to ensure you are fully complying with the regulatory authorities of the world. This is particularly crucial for financial services firms that often work with individuals and organizations around the globe. This dramatically increases the complexity of the challenges you are facing, and as more countries adopt their specific data privacy policies the intricacy of avoiding regulatory risk will skyrocket. Financial services firms must either comply with these regulations or choose not to do business in that region, something that can severely hamper growth potential for the future. Many organizations are being faced with the option of patching together multiple existing systems and workflows, hoping to capture the spirit of regulations without full confidence that compliance has been achieved. Finding a way to create flexible and scalable — not to mention compliant and secure — systems will continue to be a challenge for financial services firms that manage their technology internally.

Reducing Compliance and Regulatory Risk in the Financial Services Sector

In an ever-changing regulatory and security climate, financial services firms that attempt to meet the obligations set forth by regulators by utilizing manual processes can quickly cause inconsistencies that are not easily discovered without a full audit of systems and processes. Where RegTech can step in is through creating a more resilient base for the organization, allowing for greater scalability as new reporting, security and workflow requirements come to light. Solutions that include AI and machine learning in cybersecurity are often able to detect abnormal activity within a network, aiding in financial crime detection procedures by scanning millions of transactions in a short period of time. Employing machine learning solutions ensures that the systems are able to grow over time — improving their ability to detect inconsistencies and alert technology and business staff to a potential situation.

Trusted Cybersecurity is Vital to Scalability

Third-party vendor risk is often underestimated but is a topic that should be brought top-of-mind for financial services professionals. The highly sensitive information stored within the financial services sector and the increasing data privacy regulations have made the level of security for partners and your data storage providers a key concern. Knowing that your cloud provider has resources dedicated to cybersecurity provides distinct advantages in the face of ever-shifting compliance reporting and security risks.

Finding the right mix of proactive support, regulatory knowledge and cybersecurity experience can be difficult for firms in the financial services sector. With their compliance assurance and engineering excellence, the professionals at Coretelligent are helping financial services organizations find the path forward to scale. Our consultants and technicians represent a broad spectrum of technical expertise, ensuring we have the resources in place to support growing financial services organizations across the country. Contact our team at 855-841-5888 or fill out our quick online form to schedule your complimentary initial review.

Modern graphic interface showing symbols of strategy in risky plan analysis to control unpredictable loss and build financial safety.

With disruptors and fast-moving companies entering the financial services arena at an alarming rate, firms often find themselves struggling to adapt ageing technology systems and processes to the turbulent world of financial services compliance. While digital transformation may be the ultimate goal for firms, simply keeping up with compliance and cybersecurity risks often requires intense deliberation and expensive platform upgrades. Using advanced capabilities such a pattern identification with machine learning and natural language processing, the financial services sector is primed to take advantage of cutting-edge technology — but maintaining compliance throughout the firm may still be the most pressing challenge.

The Intersection of Compliance and Technology

Compliance is not a new problem in the world of financial services. Bank, investment firms, wealth management funds — nearly all financial services organizations are handing the confidential information and transactions of individuals and organizations at scale. While compliance reporting may have been more manual in the past, the extreme complexity of the compliance and security issues facing these firms today makes manual processes technically impossible to maintain. Shifting the responsibility for compliance, reporting and security from a process-based solution to lean more heavily on technology isn’t an easy path, but one that mitigates the overarching risk for financial services firms. There are relatively complex compliance models that have been developed through the US government with the support of agencies such as the Financial Services Sector Coordinating Council, but applying the stringent strategies and tactics outlined is often more intense than entities are able to support internally.

Each of the compliance and security requirements put in place by the various regulatory agencies have positive goals: supporting the stability of the global economy and protecting the privacy rights of consumers. However, abiding by the precise reporting and data management requirements of each entity obligates financial services firms to implement complex frameworks that are costly and time-consuming. Following are a few of the most intensive compliance regulations for the financial services sector:

FINRA

FINRA, the Financial Industry Regulatory Authority, is an independent organization that is not associated with the US government that helps investors and firms confidently participate in the market by serving as the first line of oversight for the brokerage community. The unique rules and guidelines published by FINRA are aimed at ensuring a safe and fair market, with rules and general standards that are continually being updated based on changes to the global marketplace. FINRA requirements are generally focused around complex cybersecurity themes to protect against cyber intrusions, detect compromises to digital systems and creating business continuity and breach plans.

SEC

The SEC, Securities and Exchange Commission, has issued a set of guidelines that dictates how data is stored, accessed and retrieved. This requires organizations to maintain sophisticated record-keeping with two years of transactions stored for immediate retrieval with information and transactions from the prior six years can be stored for non-immediate retrieval. With intricate audit requirements, duplication and tracking methods in place, SEC rule 17a-4 can place a burden on overworked technology departments that can be difficult to overcome without external assistance from trusted technology partners. Even with an interpretation document provided by the US government, translating these electronic storage requirements requires significant investment in time and systems.

CIS 20 (Formerly SANS 20)

Provided by the Center for Internet Security (CIS), the CIS 20 controls are a prioritized set of actions that are aimed at reducing overall cybersecurity risk and protecting your financial services organization from known cyberattack vectors. These critical security controls help “bridge the gap between high-level security framework requirements and the operational commands needed to implement them”.

SOX

First passed in 2002, the Sarbanes-Oxley Act (SOX) was established to protect individuals from the actions of business entities — increasing transparency in the financial services sector and requiring formalized checks and balances for individual entities. In today’s world, SOX compliance is aimed at limiting access to internal systems that contain confidential or financial data. Fortunately, these standards are also solid business practices that can enhance your firm’s cybersecurity risk profile and reduce threat of insider attack.

Understanding the evolving world of IT compliance for financial services firms is an ongoing conversation, not a one-time decision. Learn more about the compliance obstacles facing the financial services sector when you download Coretelligent’s complimentary whitepaper: “How Financial Services Firms Can Manage Compliance“. With a team that works extensively in the financial services sector, Coretelligent has years of experience and consultants based in Atlanta, Boston, New York, Philadelphia and San Francisco to help your firm manage IT compliance and security. Contact our team of dedicated professionals today by calling 855-841-5888 or via email to info@coretelligent.com to schedule your free initial consultation.