Reasonable Threat Intelligence

Managed Service Providers Under Attack: In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse. The IT Vendor was subsequently urged to pay ransom of [...]

Boards and C-Suites in Shareholders’ Legal Crosshairs for Data Breaches

As companies attempt to balance data security and privacy with data utility, security breaches have exploded in frequency. Hardly a month passes without headlines of a business experiencing a data breach involving the unauthorized disclosure of consumers’ personal and financial information. These [...]

September 16th, 2015 | Data Protection

Logical Encryption For Your Firm

Logical Encryption Controls to Secure Your Firm: Encryption is all the rage today. Regulators are asking firms about their encryption policies, and those who do not have well-executed strategies can find themselves at risk of examination deficiencies or enforcement. With NSA spying allegations, the general public has begun to understand that encryption [...]

September 8th, 2015 | Cyber Security, Data Protection, Encryption

Wire Fraud and Executive Email – Are you Doing Enough?

Recent guidance from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the FBI suggests that Business Email Compromise (BEC) leading to fraudulent wire transactions remains a significant threat to the industry. While the controls listed in the June 19th Fraud Alert were primarily directed at executives, Advisors and other [...]

June 25th, 2015 | Cyber Security, Data Protection

Security Through Data Classification

Data Classification, Retention, and Security Part 1: What Do We Have Here? Recent SEC and DOJ guidance has placed great emphasis on Data Security through Data Classification. Regulators are expecting you to classify your information based upon criticality and sensitivity, but where do you begin? Take a minute and think about all the [...]

DOJ Follows the SEC With Guidance on Breach Practices

Legal and Financial firms should be aware of and understand the guidance offered by the U.S. Department of Justice, Criminal Division, Cybersecurity Unit, titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” which was issued last Friday, April 29, 2015. We sit up and pay attention when Executive Departments with [...]

Cybersecurity Guidance from the Insurance Industry Endorses NIST Framework

Evidence continues to mount for broad acceptance of NIST CSF. Action Item: Executives, General Counsels, Compliance Officers, and Board Members, across industries, should consider these principles. Last week (April 17, 2015), the National Association of Insurance Commissioners (NAIC) adopted twelve basic principles to provide guidance to insurers, producers, and other regulated entities. [...]

April 22nd, 2015 | Data Protection, Information Security

Law Firms: The Current State of Affairs

Periodically, the heat is turned up on the Legal Industry, and recently the New York Times reported on the concept of information sharing between Wall Street Banks and Law Firms.[1] This came to mind as I had breakfast with one of the policy architects of the public/private initiative which led to the creation [...]