SEC Cybersecurity Service
The SEC is serious about cyber security.
You should be too.
Are you a Registered Investment Advisor? If so, you know that compliance with the SEC cybersecurity guidance is mandatory.
- You need a cybersecurity policy (SEC item #1), but aren’t sure where to start.
- You have a cybersecurity policy, but aren’t confident you’re following it.
- You have an IT service, but aren’t confident about their cybersecurity expertise. They’re an IT team, not an SEC cybersecurity service.
- You’re worried that you’re unprepared for an SEC cybersecurity audit.
- You want to do everything you can to protect client funds and prevent a data breach, and you’re not sure you are.
Top 3 SEC Cybersecurity Mistakes RIAs Make
We meet with registered investment advisors about cybersecurity every day.
Here are the top three mistakes we see time and time again:
1) Trying to solve cybersecurity with the “right template.”
Unscrupulous vendors will try to sell you templatized or “fully automated” cybersecurity solutions. There is no one-size-fits-all solution. Using the wrong tool or template is a recipe for audit disaster. Auditors want to see evidence that you’re living your policy, not that it’s a 200-page doorstop.
2) Having 100% blind faith in your IT team.
When you’re audited, the auditors will ask you “how do you know” quite a bit. How do you know the cybersecurity programs installed on your computers are working? How do you know your IT team isn’t stealing data and selling it on the black market? How do you know your IT vendor is doing their due diligence before giving a new tech access to all your client data? How do you know your IT team is up on the latest cyber threats? You need to be prepared with answers and evidence, not shrugs and guesses.
3) Putting this off until later.
Let’s be honest. For most people, dealing with cybersecurity is about as exciting as going to the dentist. It’s an annoying chore that takes you away from your real work, which is to make more money for your clients. But the SEC and FINRA are focusing on this because the risk is very real. Actual investment firms just like yours have had data breaches. They’ve had client funds wired out. They’ve even had operating accounts stolen.
2020 is the year to get this done. Not just because the SEC and FINRA require it for financial services companies. It’s the right thing to do for your clients.
Adelia Risk’s SEC Cybersecurity Service is listed/included on Schwab OpenView MarketSquare®. Learn more at http://www.schwabintelligenttechnologies.com/ProviderSolutions. Schwab OpenView MarketSquare® is a service of Schwab Intelligent Technologies® and provides profiles of products and services of participating vendors. Unless otherwise noted, technology vendors are not affiliated with Schwab or any of its affiliates. A technology vendor’s participation in MarketSquare does not express or imply any opinion, recommendation or endorsement by Schwab of any participating vendor or product. Neither Schwab nor any of its affiliates makes any representation or warranty about accuracy, completeness, timeliness or any other quality of the information furnished by any participating vendor.
The Solution: AdeliaRisk’s SEC Cybersecurity Service
Learn More about our SEC Cybersecurity Service
For each client, we create a custom solution based on what you need.
Typically, our SEC Cybersecurity Service proposals include:
- Gap assessment against the SEC cybersecurity regulations
- Help writing / editing cybersecurity policies
- Detailed reviews of security settings of cloud services (e.g., Office365, G Suite, Dropbox)
- Third party vendor risk reviews
- On-going cybersecurity governance meetings
- Training for employees on cybersecurity policy
- Daily office network scanning
- DNS monitoring and alerting
- Employee data breach monitoring
- Internet map monitoring
- SimpleSIEM™ – hosted SIEM for log retention and easy searching
- SIEM anomaly detection alerts on unusual activity to detect a cyber intrusion
- Video-based cybersecurity training for all employees
- Comparison with peers on cybersecurity training effectiveness
- External vulnerability scans
- Internal vulnerability scans
- Phishing tests / just-in-time training
- End user security tests
- Executive cybersecurity briefings and risk assessments