Added Reason to Be Aware of the New York State Department of Financial Services Cybersecurity Regulations
All businesses operating in New York under a license, registration, charter, certificate, permit or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law must comply with the DFS Regulations. A full list of businesses supervised by DFS can be found here.
The SHIELD Act does not mandate specific safeguards, but it provides several examples of practices that are considered reasonable administrative, technical, and physical safeguards. These examples suggest the kinds of safeguards businesses should be adopting, but they are not the only safeguards companies should be adopting.
Fake FINRA Survey Is a Phishing Scam, Regulator Warns BDs
The email scam is the latest of several attempts to illicitly gather data by impersonating FINRA or registered reps. The Financial Industry Regulatory Authority is warning member firms to avoid a phishing email that is requesting broker-dealers to fill out a fraudulent FINRA study.
SEC Issues New Risk Alert on “Credential Stuffing” Attacks
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors and broker-dealers.
Credential stuffing is an automated cyber-attack on Internet-based user accounts and firm networks. Attackers obtain usernames and passwords from the dark web and then employ automated scripts utilizing the compromised information to attempt to log in and gain unauthorized access to other customer accounts and firm networks. Credential stuffing has proven to be a more effective way for hackers to gain access to accounts and firm systems than traditional brute force password attacks have been. If the credential stuffing attack is successful, attackers can gain access to and control over customer assets and confidential information.
Should your Business have a Work from Home Cybersecurity Policy?
Work from home organizations all over the world have been polishing their strategies to enable their employees to work from remote locations at whatever time they like.
Adviser cybersecurity programs getting stronger - U.S. industry survey
Investment advisers are enhancing their cybersecurity programs by implementing formal protection plans, taking out insurance, and stepping up security assessments, an influential industry survey has found.
SEC Risk Alert Addresses COVID-19 Compliance Risks and Considerations
On August 12, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert, warning investment advisors and broker-dealers of the continued challenges to protect investors from COVID-19 related risks.[1] Given the ongoing challenges related to the global pandemic, OCIE felt it was necessary to share its observations and recommendations with the public. The Risk Alert identifies six broad categories of challenges: (1) protection of investors’ assets; (2) supervision of personnel; (3) practices related to fees, expenses, and financial transactions; (4) investment fraud; (5) business continuity; and (6) protection of investor and other sensitive information.
Report | Employee Mistakes Cause Almost Half of Cybersecurity Issues
Staff admit that mistakes they have made at work have had cybersecurity repercussions for themselves or their company.
SEC Issues Ransomware Alert
Attempts to penetrate financial institution networks through phishing and ransomware are on the rise.
The Securities and Exchange Commission’s exam division is warning advisors and broker-dealers to immediately review their cybersecurity controls, as phishing and ransomware attacks are on the rise. In a just-released risk alert, the agency’s Office of Compliance Inspections and Examinations warns that while recent reports indicate that one or more threat actors have used phishing and ransomware measures to penetrate financial institution networks, OCIE “has observed ransomware attacks impacting service providers to registrants.”