Information Governance Part 2: WHY You Need A Program
11 Key Reasons To Develop a Governance Plan
For much of the Information Age, allowing information (even after its business function is fulfilled and there is no other obligation to keep it) to accumulate was relatively risk-free since storage devices were so cheap. But recently, three important developments have changed all [...]
Data Loss Prevention – The SEC’s Expansive View
Information Technology professionals typically view Data Loss Prevention in a rather narrow way: DLP is a set of tools, products, and/or practices that can be used to monitor for or restrict the transmission of sensitive data outside of a given organization. Operating under this assumption, Data Loss Prevention can be an [...]
Employee Onboarding – Laying the Foundation for a Secure Workforce
Oftentimes, a company-wide shift in policy can seem a daunting task. Many of the people we speak to discuss their desire to promote cybersecurity and to meet newly-discovered regulatory obligations. “But,” they ask, “where do I begin? My staff have been [...]
Reducing Your Attack Surface
Six Considerations for Investment Advisers and the CCO
The concept of “Attack Surface” with respect to IT program exposure has become more relevant due to the advent of new technologies such as cloud-based services and applications, the proliferation of mobile devices for business use, and the acceleration of breach activities. As [...]
Information Governance Part 1: “The Stakes”
Understanding the SEC's Focus on Governance
“There is no such thing as bad publicity,” a notorious circus promoter allegedly once said.[1] And cybersecurity sure has had its fair share lately. Hardly a month, week or day goes by without another news flash that some company, government institution or law enforcement agency [...]
Lessons From Cyber Enforcement for the CCO
5 Steps for Advisers and Broker-Dealers in the Wake of R.T. Jones
The SEC’s Order referenced R.T. Jones’s failure “to adopt any written policies and procedures reasonably designed to safeguard its clients’ PII as required by the Safeguards Rule.” This isn’t the first time the Commission has invoked Rule 30(a) of [...]