SEC Cybersecurity Service
The SEC is serious about cybersecurity. You should be too.
Are you a Registered Investment Advisor? If so, you know that compliance with the SEC cybersecurity guidance is mandatory.
The SEC and FINRA have made it very clear that cybersecurity will be a focus in their upcoming exams.
But how do you choose the right SEC cybersecurity service?
Do any of these sound familiar?
- You need a cybersecurity policy (SEC item #1), but aren’t sure where to start.
- You have a cybersecurity policy, but aren’t confident you’re following it.
- You have an IT service, but aren’t confident about their cybersecurity expertise. They’re an IT team, not an SEC cybersecurity service.
- You’re worried that you’re unprepared for an SEC cybersecurity audit.
- You want to do everything you can to protect client funds and prevent a data breach, and you’re not sure you are.
If this sounds like your firm, we can help.
Top 3 SEC Cybersecurity Mistakes RIAs Make
We meet with registered investment advisors about cybersecurity every day. Here are the top three mistakes we see time and time again:
1) Trying to solve cybersecurity with the “right template.”
Unscrupulous vendors will try to sell you templatized or “fully automated” cybersecurity solutions. There is no one-size-fits-all solution. Using the wrong tool or template is a recipe for audit disaster. Auditors want to see evidence that you’re living your policy, not that it’s a 200-page doorstop.
2) Having 100% blind faith in your IT team.
When you’re audited, the auditors will ask you “how do you know” quite a bit. How do you know the cybersecurity programs installed on your computers are working? How do you know your IT team isn’t stealing data and selling it on the black market? How do you know your IT vendor is doing their due diligence before giving a new tech access to all your client data? How do you know your IT team is up on the latest cyber threats? You need to be prepared with answers and evidence, not shrugs and guesses.
3) Putting this off until later.
Let’s be honest. For most people, dealing with cybersecurity is about as exciting as going to the dentist. It’s an annoying chore that takes you away from your real work, which is to make more money for your clients. But the SEC and FINRA are focusing on this because the risk is very real. Actual investment firms just like yours have had data breaches. They’ve had client funds wired out. They’ve even had operating accounts stolen.
2019 is the year to get this done. Not just because the SEC and FINRA require it for financial services companies. It’s the right thing to do for your clients.
The Solution: AdeliaRisk’s SEC Cybersecurity Service
My name is Josh Ablett, and I’m the Chief Information Security Officer at Adelia Risk.
We’ve been helping clients with cybersecurity since 2010. We’ve worked with companies ranging from 5 to 150,000 people.
Our job is to make you secure with the least amount of hassle possible.
We’re a little different from typical cybersecurity firms.
Most firms charge a whopping fee for an upfront assessment and then leave you to fix things.
Your limited time and budget are better spent actually addressing your cybersecurity threats, not spending weeks on analysis to get an overwhelming 200-page report of issues.
In a few weeks, we build a list of areas where you need to improve your cybersecurity. And then we jump in and help you fix it.
Along the way, we install the products and services you need to comply with the SEC cybersecurity guidance.
Our SEC Cybersecurity Service is a one-stop-shop for everything you need.
Learn More about our SEC Cybersecurity Service
For each client, we create a custom solution based on what you need.
Typically, our SEC Cybersecurity Service proposals include:
- Gap assessment against the SEC cybersecurity regulations
- Help writing / editing cybersecurity policies
- Detailed reviews of security settings of cloud services (e.g., Office365, G Suite, Dropbox)
- Third-party vendor risk reviews
- Ongoing cybersecurity governance meetings
- Training for employees on cybersecurity policy
- Daily office network scanning
- DNS monitoring and alerting
- Employee data breach monitoring
- Internet map monitoring
- SimpleSIEM™ – hosted SIEM for log retention and easy searching
- SIEM anomaly detection alerts on unusual activity to detect a cyber intrusion
- Video-based cybersecurity training for all employees
- Comparison with peers on cybersecurity training effectiveness
- External vulnerability scans
- Internal vulnerability scans
- Phishing tests / just-in-time training
- End user security tests
- Executive cybersecurity briefings and risk assessments
The first step to getting a custom proposal is a free Cybersecurity Strategy Session.
In about 45 minutes, we’ll have a substantive conversation about your cybersecurity.
We’ll also do a quick assessment to get your Twenty One Pillars of Cybersecurity (TOPC) score. The TOPC score is an easy way to see how your firm measures up, on a scale of 0 to 100.