Reasonable Threat Intelligence

Managed Service Providers Under Attack

In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse. The IT Vendor was subsequently urged to pay ransom of [...]

Training – Are You Doing Enough To Meet Regulatory Expectations?

The Division of Investment Management’s recent cybersecurity guidance suggested that firms consider implementing training to provide guidance to officers and employees “concerning applicable threats and measures to prevent, detect, and respond to… threats and that monitor compliance with cybersecurity policies and procedures.” In addition, the Division suggested that firms “may wish to [...]

June 17th, 2015 | Best Practices, Cyber Security

Is Risk Assessment Mandatory Via Recent SEC and FINRA Guidance?

This may be one of those cases where regulatory expectation is just as important as the written Rule.  The Division of Investment Management's April 28 guidance used the following language: “In the staff’s view, there are a number of measures that funds and advisers may wish to consider in addressing cybersecurity risk.”  [...]

June 10th, 2015 | Best Practices, Cyber Security

Security Through Data Classification Part II – Defining a Schema

As we discussed in Part I of our data classification series, the regulatory expectation from both the SEC and the DOJ is that your firm will implement some form of a data classification system that will allow you to adequately protect your business’s sensitive information. In addition, a thoughtfully executed data classification system will [...]

May 26th, 2015 | Best Practices, Data Classification

Fraud, Breach, and Insider Activity

Just weeks ago, SEC Commissioner Aguilar’s Chief of Staff noted that the SEC is about to enter “a time of great change” regarding regulation for breach disclosure. Just weeks later, the guidance from the Division of Investment Management reinforced this notion by commenting that “in the staff’s view, funds and advisers should [...]

May 14th, 2015 | Best Practices, Cyber Security

DOJ Follows the SEC With Guidance on Breach Practices

Legal and Financial firms should be aware of and understand the guidance offered by the U.S. Department of Justice, Criminal Division, Cybersecurity Unit, titled “Best Practices for Victim Response and Reporting of Cyber Incidents” which was issued last Friday, April 29, 2015. We sit up and pay attention when Executive Departments with [...]

Incident Response Planning – Are You Ready?

Most companies have a cybersecurity plan of sorts in place already. When we speak, in general terms, about the first three key functions in the NIST Cybersecurity Framework, “Identify”, “Detect”, and “Protect”, we are met with understanding. After all, these categories make sense to all of us. Identifying those assets that need [...]

April 14th, 2015 | Best Practices, Cyber Security