Need cybersecurity help for your RIA firm? The U.S. Securities and Exchange Commission (SEC) has created a number of documents containing cybersecurity guidance and other topics such as social media, email/texting and phishing.
Because of our cybersecurity service for RIAs, we’ve been able to see first-hand where RIAs tend to struggle. Below you’ll find a number of topical guides that further explain the SEC’s cybersecurity guidance and offer options and recommendations.
August 15, 2020 by Josh Ablett
Are you worried about ransomware? You should be. Ransomware is hitting companies of all sizes, sometimes with disastrous results. Many companies need to put together a specific plan for ransomware, known as a “ransomware playbook.” We think even small firms should spend some time planning what they will do if they're hit. When ransomware hits, […]
Read moreNovember 30, 2019 by Josh Ablett
Banking Trojans are back, and they're nasty. Click on the wrong email, and hackers drain your firm's operating accounts. Incredibly, many of these attacks even defeat your bank's two-factor authentication. Here's a great article that explains how banking trojans bypass two-factor authentication. So what should every business do to protect yourself against banking trojans? The […]
Read moreNovember 27, 2019 by Josh Ablett
Wire fraud is a huge problem for Registered Investment Advisors. Every day, criminals trick firms like yours into wiring funds out of client OR firm accounts. What is the SEC Cybersecurity Guidance on wire fraud? And what are the best practices to stop wire fraud in firms today? It’s critical that your staff identify these […]
Read moreNovember 19, 2019 by Josh Ablett
As our work moves online and becomes more digital, our risks are changing. In recognition of this fact, registered investment advisors must take cybersecurity seriously. The SEC cybersecurity guidance lays out clear directions for taking cybersecurity risks seriously. And one of the biggest threats to your firm today is phishing. The SEC Cybersecurity Guidance seems […]
Read moreNovember 17, 2019 by Tias
In our line of work, we hear a lot of myths and rumors. For example, some people say that Microsoft365 isn’t SEC compliant because it’s in the cloud. We have also heard some people saying the same about Google’s Google Workspace. But what does the SEC Cybersecurity Guidance say? While the SEC Cybersecurity Guidance does […]
Read moreNovember 15, 2019 by Kate Bowie
As businesses are digitally transformed, our exposure to risk is changing. In the financial industry, the stakes are much higher. The SEC Cybersecurity Guidance helps registered investment advisors respond to these threats. It also makes sure that they have a plan in place to respond to them. For example, one such threat is the loss […]
Read moreNovember 13, 2019 by Kate Bowie
When firms think about cybersecurity, they’re tempted to focus on the tech. Hopefully, you're already having internal conversations about which tools you need to fight phishing or to keep your mobile devices safe. One area where we've seen a lot of firms struggle, though, is in figuring out what to do when something BAD happens. […]
Read moreNovember 5, 2019 by Kate Bowie
Protecting Your Business’ Most Sensitive Mobile Data Gone are the days of the rotary phone. Data is immensely portable. As we — individuals, consumers, corporate employees, investment advisors and financial investors — continue to rely on our mobile devices for everything, the level and amount of sensitive data that is stored on our mobile devices […]
Read moreNovember 4, 2019 by Josh Ablett
Cybercriminals are quite nimble in outsmarting protection measures. This makes it essential to be proactive and stay one step ahead of bad actors. The SEC Cybersecurity Guidance provides a lot of information about security and compliance. But it doesn’t specify what steps firms should take to teach their clients how to be safe online from cyber threats. […]
Read moreNovember 3, 2019 by Kate Bowie
Welcome back to SEC Cybersecurity Guidance: Business Continuity Planning. The first steps (found here in Part 1) are: List your Specific Needs, and Discuss and Document... and here, in Part 2, we talk, and plan, and test. Disclaimer: we are STILL not lawyers. We are cybersecurity practitioners who work with a lot of registered investment […]
Read more