Posts

Financial Services Vulnerabilities

Identifying Common Financial Services Vulnerabilities

Financial services institutions have long been a top target for cyber threats. Access to a large amount of sensitive and confidential information makes the financial sector a target-rich environment for cyberattacks. In addition to mitigating cybersecurity threats, financial firms must also prioritize maintaining and strengthening compliance. These balance of these two priorities presents a unique set of challenges for companies in financial services.

With the inherent diversity of the financial services sector and the shifting cybersecurity and compliance landscape, identifying a one-size-fits-all set of vulnerabilities for all financial services institutions is impossible. However, there are common vulnerabilities to be aware of.

  • Reactively Evaluating Current Cybersecurity Posture:

    Institutions cannot address cybersecurity and compliance vulnerabilities of which they are unaware. Moreover, leaving these vulnerabilities unaddressed can have costly consequences. If unaddressed until an incident occurs, institutions have no choice but to utilize a reactive approach that can leave the business facing outages and shaken customer confidence. Instead, financial service firms should consider taking a proactive approach. By utilizing Coretelligent’s Cybersecurity Evaluation Checklist designed for financial services as a jumping-off point, financial service firms can do an initial assessment of existing vulnerabilities to discuss with a managed service provider (MSP).

  • Ransomware Attacks:

    As the world continues to become more digitally integrated, opportunities for ransomware attacks grow exponentially. In a ransomware attack, attackers use malware to gain access to your organization’s systems or data and hold that data until a ransom is paid by the organization. The results of these attacks are devastating. In addition to the price of the ransom, there are legal fees and other costs associated with damage control, as well as potential loss of data.

  • Access Vulnerability:

    Flaws in various levels of access to information can leave sensitive data exposed and vulnerable for attackers. Cybersecurity integration is key across all divisions and at all levels of access in an organization. Cybercriminals will seek to exploit any weaknesses identified at any level, regardless of the internal structure of the business.

  • Managing Compliance:

    The evolution of information technology has increased the compliance burden on the financial services industry. Financial service organizations are amongst the most regulated business segments in the U.S. However, simply maintaining compliance may no longer be enough. Instead, actively managing compliance risk and strengthening compliance overall is key in earning customer confidence and avoiding costly penalties.

  • Business Continuity:

    What comes next if the worst happens and a cyberattack hits your company? Is your data backed up safely? How quickly would you be able to restore access to users? A proactive and dynamic backup and disaster recovery solution is critical for preventing business interruption and loss of essential data, which could trigger a compliance violation. Off-the-shelf, onsite backup solutions often do not provide the level of performance required to meet the needs of financial and investment organizations. It is vital to establish a solution before an outage to ensure timely recovery and minimize interruption time for clients.

Addressing security and compliance vulnerabilities may seem challenging, but Coretelligent can help. Working with Coretelligent means working with an IT partner who understands both the security and compliance needs of the financial services sector. Contact us today at 855-841-5888 or fill out our online form.

by
IT Strategy for Business: 6 Components You Can't Ignore in 2023

IT Strategy: 6 Components You Can’t Ignore in 2023

In-house IT teams often become caught in a cycle of responding to issues as they arise instead of taking a proactive approach due to the overwhelming volume of tasks they must handle. But this break/fix method is not sustainable. To prioritize and support business goals, organizations must look beyond day-to-day transactional IT and toward long-term IT strategy for their business.

This need is why Coretelligent offers clients Virtual CIO (VCIO) sessions which provide an organization’s in-house IT with the leadership and guidance needed to make critical IT decisions. VCIO sessions are an opportunity to discuss the state of your IT infrastructure and how to make improvements so that it’s proactively supporting your operations.

Like all strategies, your IT strategy is not a set it and forget it process. At Coretelligent, we regularly evaluate our clients’ IT infrastructure and make proactive recommendations to keep them secure, compliant, positioned for growth, and aligned with their business goals. To ensure your IT roadmap aligns with your business initiatives, here are the topics we suggest you reevaluate at least once a year.

Six topics that you should address with your IT Partner in your next IT strategy session:

[ez-toc]

 

Laptops and hands on a table discussing IT Strategy for Business and the 6 Components You Can't Ignore in 2023

 

Cybersecurity

Year-over-year, cybersecurity attacks and incidents continue to increase. And with more companies shifting to a permanent hybrid or work-from-home policy, more vulnerabilities are uncovered every day. Without the proper infrastructure, remote work environments can present substantial security risks. Coretelligent stays abreast of cyber threats and compliance regulations in our client’s industries. We make recommendations to address these threats, as well as client-specific vulnerabilities.

Endpoint security is critical with the transition to a remote workforce. Your IT partner should be monitoring your infrastructure, including your endpoints for cybersecurity incidents, and running regular vulnerability assessments. During your IT strategy meetings, they should make recommendations on how you can improve your endpoint security with tools like endpoint detection and response (EDR) platforms and security awareness training. If your IT partner is providing user security awareness training, ask if they are validating the effectiveness of that training with phishing testing.

Compliance

In an ever-changing regulatory and security climate, firms that attempt to meet the obligations set forth by regulators by using manual processes can quickly cause inconsistencies that are not easily discovered without a full audit of systems and processes. Coretelligent’s VCIO sessions provide compliance strategies for aligning your policies, procedures, and systems with regulatory standards.

Proper access management is the foundation of cybersecurity and compliance. Your IT partner should regularly evaluate your current IT strategy and create a plan to close any compliance gaps. This includes reviewing and updating your data governance policies and procedures.

Cloud Strategy

There is no one-size-fits-all when it comes to cloud strategy. Many organizations take a multi-cloud approach, having a combination of public and private cloud solutions. Depending on your business needs, you may require a hybrid cloud model with some systems on the cloud while others remain on-premise. With a variety of combinations, how do you know which cloud strategy is right for you?

Ultimately, your cloud strategy will depend on your operations, data, business goals, and budget. Coretelligent’s consultative approach to cloud solutions ensures that client’s cloud strategies and solutions are built around their current and future business goals. If you have questions about scalability, mobility, and availability, the cloud is a topic you will want to discuss with your IT partner.

Collaboration Platforms

Daily operations rely on employees’ ability to communicate efficiently. Coretelligent provides clients with recommendations for collaboration tools that optimize workflows. Sometimes, clients can reduce costs by consolidating to one collaboration platform.

Your IT partner should make recommendations that increase productivity while maintaining security and compliance. Is your firm subject to compliance standards requiring communications archiving? An IT partner familiar with your industry and compliance standards can ensure you are securely archiving emails and video conferencing communications.

Business Continuity

In addition to optimizing your IT infrastructure for security and operational efficiency, Coretelligent uses time during your VCIO session to discuss business continuity. We evaluate the systems and procedures you have in place in the event of a breach or disaster and then make recommendations on how to improve them.

When was the last time you reviewed your disaster recovery plan? Have you tested it? Your IT partner should help you review and update your disaster recovery plan. They should ensure your backups are secure and accessible even during a disaster. Does your IT partner regularly maintain an asset inventory? Maintaining an accurate list of your assets and their locations is often required by regulatory agencies.

Digital Transformation

And finally, ensuring your business is positioned for continued success means making sure you can achieve your business goals and prepare your organization for the future. Digital transformation leverages platforms, tools, and expertly crafted IT strategy to create, implement, and maintain custom technology solutions that will keep your operations running smoothly.

Evaluation by a digital transformation consultant can help you navigate how to enhance process efficiency, improve customer experience, gain greater data insights, and even lower operational costs. Coretelligent’s CoreDTS team takes a holistic approach to assess and address common pain points that can be resolved with best-in-class technology and IT strategy.

 

A Comprehensive IT Strategy for Your Business

Not all IT teams or MSPs have the expertise to provide meaningful recommendations for your IT infrastructure. Too little experience could result in purchasing unnecessary or insufficient tools which can cost your business money. Organizations looking for long-term success must move away from the break-fix methodology.

At Coretelligent, IT strategy comes standard. We have years of experience developing IT roadmaps for firms in highly regulated industries like financial services and life sciences. Looking to improve your security, migrate to the cloud, or need support with IT planning and strategy? Coretelligent can help! Contact us to schedule a VCIO session.

by
SEC Compliance Rule

SEC Signals New and Expanding Compliance Rules to Combat Cyber Crime

SEC Compliance RuleIndicates significant changes to regulations for broker-dealers, investment companies, RIA, and other market agents.

The SEC has been signaling the expansion of the compliance around cybersecurity for public financial firms for some time. Increased and intensified state-sanctioned cyber-attacks, data breaches, and ransomware have spotlighted the risk to the U.S. economy, its investment markets, and its investors.

“The economic cost of cyberattacks is estimated to be at least in the billions, and possibly in the trillions, of dollars,” said SEC Chair Gary Gensler in a speech on January 24th. “Hackers have attacked broker-dealers, government agencies, meat processors, and pipelines. These attacks can take many forms from denials-of-service to malware to ransomware.”

Referencing the 2021 Robinhood breach and the SolarWinds incident from 2020, Gensler mentions the joint work of the FBI, CISA, and the Biden administration is ratcheting up to curb the plague—not the COVID-19 pandemic, but the scourge of cybercrime.

He shares that the SEC is looking at ways to strengthen the financial markets’ cyber readiness and hints at a new and expanded compliance framework.

In terms of policy, there are three areas under scrutiny: cyber hygiene and preparedness, cyber incident reporting to the government, and disclosures to the public.

These areas call for IT solutions that prepare for, respond to, and report cyber events. Practices like access management and end-user training, which both reduce the likelihood of cyber incidents, will need to be implemented and reinforced. Additionally, a robust backup system and a disaster recovery plan should be developed or expanded for responding to any events that may happen. Depending on the specific language that ends up in new or expanded regulations, additional IT solutions will most likely be needed for compliance.

As far as which type of organizations may be facing new and strengthened regulations—the list includes SEC registrants in the financial sector, including broker-dealers, investment companies, registered investment advisers, and others. Also in the crosshairs are public companies, third-party service providers, and other organizations not currently registered with SEC, but which support or interact with SEC-registered companies.

Specific regulations that the SEC is proposing to change:

  1. Expanding Regulation Systems Compliance and Integrity (Reg SCI) to cover more entities, including market-makers, broker-dealers, and other financial entities. Reg SCI requires SEC registrants have robust sound technology programs, business continuity plans, testing protocols, data backups, and more.
  2. Implementing new regulations for financial sector registrants, like investment companies, investment advisers, and broker-dealers, not covered by Reg SCI around cybersecurity hygiene practices and incident reporting.
  3. Modernizing Regulation S-P, which deals with data privacy, changing the scheduling and content of notifications to clients about data breaches involving personally identifiable information.

These changes would significantly impact a wide array of companies and subject them to expanded or newly instituted regulations that they may not be prepared to meet.

If your organization requires assistance with keeping up with and implementing these and any other cybersecurity compliance requirements, reach out to our experts. Coretelligent has a suite of solutions, including CoreArmor and CoreBDR, designed to address the compliance and security needs of the financial sector. With over 16+ years of experience helping clients navigate a whole host of IT compliance regulations and bolstering their cybersecurity posture, we can help your firm understand and meet its regulatory requirements.

 

 

 

by
Solving Cybersecurity on-demand webinar

Watch Solving Cybersecurity for Financial Services On-demand Webinar

On-demand webinarWe get it. As executives and IT professionals, you are busy. To that end, we are debuting a new series of short on-demand webinars intended to answer the most commonplace requests we receive. These webinars are designed to connect your firm’s real-world problems with the solutions that address them. They are short and available on your timetable—no signing up for a scheduled webinar and then missing it because you get pulled into a meeting!

The first video is for financial services firms needing guidance on strengthening cybersecurity readiness and compliance response.

Better understand how to effectively respond to the moving target of the twin challenges of cybersecurity and compliance with our free on-demand webinar.

This short compliance and cybersecurity webinar focuses on the following topics:

  • IT Pillars of compliance
  • Cybersecurity priorities for SEC compliance
  • Tips on how to improve cyber readiness and meet compliance
  • And more!

→ Sign up here to watch the webinar.

On-demand webinar

by
CISA alert

CISA Urges Organizations Safeguard Now Against Possible Critical Cyber Threats

Critical Cyber Threats - CISAYesterday, the Cybersecurity Infrastructure & Security Agency (CISA), the federal agency charged with protecting the nation’s cyber infrastructure, released a notice from the National Cyber Awareness System. Based on recent malicious cyber incidents in Ukraine, CISA urges organizations across all sectors and of any size to be on alert for malicious cyber activity. The agency also provided a checklist of actions to take immediately.

To reduce the likelihood of destructive cyber intrusions, CISA recommends that business leaders immediately:

  1. Institute multi-factor authentication
  2. Ensure that software is up to date
  3. Disable all ports and protocols that are not essential for business purposes
  4. Review and implement strong controls for cloud services
  5. Conduct vulnerability scanning

CISA also advises that organizations take the following steps to detect potential intrusions:

  1. Identify and assess unusual network behavior. Enable logging to investigate issues better.
  2. Protect networks with antivirus and antimalware software and that these tools are up to date.
  3. Closely monitor traffic and review access controls if dealing with Ukrainian organizations

Additional recommendations can be found at CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.

If your organization requires assistance with implementing these and other cybersecurity initiatives, reach out to our security experts.

 

by
FINRA Rule 4370

What Does the BCP FINRA Rule 4370 Update Mean for Your Firm?

FINRA Rule 4370

The Financial Industry Regulatory Authority (FINRA) recently announced the completion of the review process for FINRA Rule 4370 and upholds the Rule as it currently stands. The agency put the Business Continuity Plan (BCP) Rule 4370 into place to ensure continuity of operations for broker-dealer firms following a disruption or disaster. FINRA based its decision to keep 4370 intact on the recently completed BCP Rule and Pandemic Review, both of which highlight the benefits of the Rule.

The FINRA BCP Rule requires broker-dealers to maintain continuity plans designed to ensure their ability to resume business operations after an interruption or in the event of a disaster. Regulatory Notice 21-44 provides clarification of FINRA’s compliance obligations for broker-dealers waiting to see where the agency would land regarding updating or maintaining the Rule.

Background on Rule 4370

In early 2019, announced a review of the Rule to determine its effectiveness and viability. In addition, the agency considered the costs, risks, and benefits associated with developing, maintaining, and implementing BCPs against not utilizing them.

According to FINRA’s announcement, stakeholders reported that Rule 4370 was working as intended. FINRA observed that the Rule’s “flexible, non-prescriptive, and risk-based approach has been effective in ensuring firms of all sizes are prepared for potential business disruptions.”

Additionally, during the early stages of the pandemic, FINRA also published Regulatory Notice 20-08, which recommended that member firms review their plans for pandemic preparedness.

What Does This Mean For Your Firm?

FINRA has made it clear that firms should continue developing and maintaining plans according to Rule 4370. However, the agency will not be providing specific guidance; firms are on their own when it comes to fulfilling the requirements for compliance.

What Are the Next Steps?

New and established brokerage firms will need to evaluate their status regarding Rule 4370 to guarantee compliance and that they are operating with an effective BCP. However, a BCP alone is not enough to ensure continuity.

For firms looking to assess their disaster readiness and compliance, there are six critical components of a BCP that will be there when you need it.

    1. Establish or Evaluate Existing BCP
    2. Test BCP
    3. Validate Vendor Readiness to Support BCP
    4. Ensure Remote Access for Essential Personnel
    5. Educate Personnel and Conduct Training
    6. Routinely Repeat this Process

By following these steps, your firm will be prepared for potential business disruptions and remain compliant. Of course, there is more involved in each of these steps. For more granularity, read our post, Business Continuity Checklist for Financial Services Firms, which outlines just how to assure operational continuity and data protection.

Coretelligent is here to help your firm navigate the details in developing and maintaining a business continuity plan. We can also assist with incorporating it into your IT strategy, cybersecurity solutions, and compliance reporting. As an MSP with considerable experience within the financial services industry, Coretelligent understands the regulatory imperatives required of you and your business. That is one of the main benefits of working with an IT partner with deep industry knowledge and expertise.

Reach out and we will work with your IT and compliance teams to review your BCP and develop a roadmap to make sure your firm is secure.

by

How to Effectively Assess Enterprise Backup Solutions?

How to Effectively Assess Enterprise Backup Solutions?Disasters and cyber-attacks happen, but data loss does not have to be inevitable. Data loss can be avoided or mitigated with a robust backup and disaster recovery solution (BDR). Surviving a catastrophic data loss event depends on choosing the right BDR solution. But you need to understand the critical components in order to successfully evaluate enterprise backup solutions.

What is BDR?

Comprehensive BDR solutions offer recovery options for various data loss scenarios. Determining the correct solution is a deliberate and tactical process that evaluates business data, applications, operations, and risk exposure.

Solutions often include a hybrid of daily backups and more frequent replication of virtual servers to a secondary storage site for rapid recovery. They may also include cloud-to-cloud (C2C) backup, especially for companies that use SaaS applications like Microsoft365. Daily backups provide long-term recovery capabilities. While backup replication allows for the rapid failover of business operations to a disaster recovery (DR) site.

At this point, it’s important to point out the pitfall of relying on a primary cloud provider as a backup source for your data. Several of the larger cloud services note that they are not responsible for maintaining the integrity of data stored on their systems. Instead, it is critical to choose a BDR partner with an appropriate backup and disaster recovery solution. A true BDR solution involves more than just having a second copy of your data. A BDR process ensures that your data is redundant, accessible, and viable.

What Does a Secure BDR Solution Encompass?

Every company has its own set of data recovery requirements. Therefore, recovery point objectives (RPOs) and recovery time objectives (RTOs) will vary. RPOs identify how often data should be backed up or replicated. In contrast, a RTO describes how quickly data can be recovered.

Furthermore, regulatory or compliance standards must be evaluated to see whether they have any consequences for data security. For example, financial services and life science companies are subject to stringent rules regarding the protection of digital assets.

Another necessary element in a data backup and disaster recovery strategy is developing and documenting a BDR plan. A BDR plan includes procedures for recovering data and systems, testing and validation methods, and identifying essential recovery personnel. This plan is crucial to ensure business continuity.

A final must-have component for any BDR plan is testing the recovery process regularly. Any difficulties or failures discovered throughout the testing process can be recorded and analyzed for modifications to the BDR strategy. In addition, test laboratories can be set up within a “sandbox” environment to minimize disruption to the manufacturing environment.

The ABCs of BDR WhitepaperWhite Paper Download

The ABCs of Backup and Disaster Recovery (BDR)

This white paper explains how data loss occurs, how backup and disaster recovery (BDR) works and helps you understand what to plan for and how to evaluate your BDR solution.
Free White Paper Download

Three Core Principles

Whatever your BDR strategy entails, it should provide the core values of scalability, reliability, and resiliency.

  • Scalable BDR solutions expand as your business grows without exceptional effort by your team.
  • Whether on-premise or a cloud backup, a reliable solution is fully redundant and accessible from any physical location.
  • Resiliency requires protecting data from ransomware attacks and other threats.

Advanced recovery solutions take a multi-pronged approach in managing risk, including a dedicated team of professionals available for client support.

A Trusted BDR Partner

CoreBDR, Coretelligent’s fully managed backup and disaster recovery solution, meets the data protection requirements of the digital enterprise. CoreBDR offers secure, high-performance, cloud-based backup and restoration to deliver operational resiliency to your organization. CoreBDR is available for organizations with on-premise infrastructure and cloud environments and can be customized to fit your business operations. Our expert team has deep experience delivering to clients of all sizes in financial services, life sciences, and other industries.

by

Emerging Threats Signal More Trouble for Financial Services Cybersecurity

Emerging Threats Signal More Trouble for Financial Services Cybersecurity

Hedge funds, private equity companies, venture capital, and other financial services firms are prime targets for cyber criminals seeking to compromise data-rich institutions. Additionally, as keepers of valuable personal identifiable information (PII) and propriety data, the financial services sector is subject to increasing regulatory requirements as the cybersecurity threat landscape expands.

While financial firms have been highly motivated to make significant investments in cyber security, the need for risk management is only deepening from persistent threats. The Robinhood data breach is a recent reminder of the danger and the ease with which threat actors can gain access to networks. With over seven million customers affected, the Robinhood breach is the largest in history.

According to representatives from Robinhood, the cyber attack, which began with a social engineering exploit, has been contained and did not include social security numbers or account details. But what about the next time? What if the PII from over seven million customers found its way for sale on the dark web? The cascading consequences are staggering to contemplate.

“Financial services companies are incredibly popular targets because there are always new customers feeding the demand for personal and financial data to sell or use as leverage,” shares Chris Messer, CTO at Coretelligent. “Whether criminals are targeting your customers’ data to directly exploit, sell on the Dark Web, or to hold for ransom, the potential fallout for impacted clients and the financial and reputational risk to your business is extreme.”

There are more than a few emerging cyber threats that have security teams on edge. For example, the development of AI that can write better spearphishing emails than humans has staggering implications considering how many data breaches begin as phishing attacks. And don’t forget that phishing attacks are up by 22% in 2021.

In addition, AI-powered malware is a concern since it can target particular endpoints, making it more effective and profitable for hackers to cripple critical infrastructure and steal data with disruptive attacks. Finally, smishing incidents (like phishing, but via SMS) are also likely to increase in severity as attackers capitalize on a workforce that is increasingly doing business via their smartphones.

Multi-layered Approach to Information Security for Financial Service Organizations

Since businesses within the financial services industry are already required to have certain protections in place, it’s tempting to think that your organization is secure. But, unfortunately, between the increase in frequency and the changing nature of attacks—combined with the ever-changing compliance response—your cybersecurity implementation is not one-and-done. Instead, to keep up, a robust cybersecurity posture requires constant monitoring, continuing education of employees, periodic vulnerability assessments, regular penetration testing, and expert threat intelligence.

Coretelligent recommends implementing overlapping layers of security called defense-in-depth to protect your organization fully from ransomware attacks and other cyber incidents. These individual layers should include everything from easy-to-implement practices to complex security tools to defend your financial services organization. This defense-in-depth infographic highlights the cybersecurity strategy and best practices that Coretelligent employs for continuous multi-layered protection. These include next-generation firewalls, endpoint security, patch management and security updates, access management policies, advanced spam filtering, and much more.

Defense-in-depth

Coretelligent’s Multi-layered Cybersecurity Solution

Are you looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help assess your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your firm determine its current cyber risk exposure and readiness for critical event management.

After completing the checklist, reach out to learn more about how Coretelligent can help to strengthen your cybersecurity posture now and into the future.

by
SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?

SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?

SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?In late August of 2021, the SEC sanctioned eight financial services firms in three separate actions for security compliance failures. The SEC contends that the firms failed to establish and implement adequate cybersecurity policies and procedures. The SEC charged Cetera Entities, Cambridge, and KMS with violating Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which protects confidential customer information. According to the SEC, the failures “resulted in email account takeovers exposing the personal information of thousands of customers and clients.” The firms settled and agreed to pay $750,000 in fines.

The SEC’s enforcement actions against these companies should be a reminder of how crucial it is to have an effective cybersecurity program in place at your financial services firm. Security processes designed to prevent unauthorized access, malware, phishing, viruses, ransomware, and other malicious threats will both protect your firm from criminals and fines, penalties, and lawsuits.

What’s at Stake?

Cybersecurity incidents involving breaches of personally identifiable information—like social security numbers, credit card details, and bank accounts—can cause significant damage to a firm’s business reputation. Furthermore, your firm may face fines, lawsuits, regulatory investigations, and even legal liability. In addition, remediation costs, including lost revenues, damages, penalties, and settlements, are also likely. A typical data breach costs companies $4.24 million per incident, according to a July 2021 report from IBM.

The SEC Means Business

It seems that the current landscape of ransomware and other cyber threats has spurred the SEC to take a more aggressive stance against security compliance deficiencies. As a result, this summer has seen additional enforcement actions from the body. In June, the SEC charged First American Financial Corporation and later Pearson for similar exposures of sensitive customer data. This indicates that the SEC is moving to heighten its enforcement of cybersecurity rules and disclosure procedures amongst public companies. Key areas of focus in the recent sanctions have focused on:

    • Failure to implement and adopt widely accepted cybersecurity best practices.
    • Insufficient timely disclosures of lapses when they were identified
    • Inadequate and misleading language in breach notifications to clients and regulators about incidents

“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit about the August announcement. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”

Related Content → What You Need to Know About Cybersecurity and Compliance for Financial Services Companies

Safeguard Your Financial Services Firm from Security Compliance Errors

This increased enforcement should serve as a wake-up call to financial institutions: Senior executives must better safeguard the personal information entrusted to them by consumers.

Accordingly, Coretelligent recommends that all financial advisors, brokers, and investment firms review their current cybersecurity vulnerability and compliance programs and consider implementing additional defenses to protect client information.

So, let’s start with some basics. What do the SEC security requirements include? Here are just some of the key elements that financial service firms can apply for strengthening their cybersecurity safeguards.

    1. Implementing and maintaining comprehensive written policies regarding cybersecurity
    2. Establishing and regularly testing computer network defenses
    3. Developing and executing a risk assessment plan
    4. Training employees about cybersecurity risks
    5. Ensuring that usernames and passwords used by employees comply with industry standards
    6. Implementing multi-factor authentication
    7. Monitoring network traffic for suspicious activity
    8. Notifying regulators promptly after discovering a breach.

At Coretelligent, our security and compliance solutions are designed with the needs of financial services organizations in mind. When you work with Coretelligent, you are gaining an IT partner who truly understands the security compliance needs of the financial services sector. Free your team to innovate at scale while we provide your financial services company with the solutions to protect against cyberattacks and fines from data breaches.  Contact us today at 855-841-5888 or fill out our online form to receive a quick return call.

 

by