Reasonable Threat Intelligence

Managed Service Providers Under Attack. In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might use as their outsourced IT provider, was breached, exposing up to 2000 user endpoints to disruption and perhaps worse. The IT vendor was subsequently urged to pay ransom of [...]

February 28th, 2019 | Best Practices, Cyber Security, Data Protection, Governance, Information Security, SEC, Uncategorized

Boards and C-Suites in Shareholders’ Legal Crosshairs for Data Breaches

As companies attempt to balance data security and privacy with data utility, security breaches have exploded in frequency. Hardly a month passes without headlines of a business experiencing a data breach involving the unauthorized disclosure of consumers’ personal and financial information. These [...]

September 16th, 2015 | Data Protection

Logical Encryption For Your Firm

Logical Encryption Controls to Secure Your Firm. Encryption is all the rage today. Regulators are asking firms about their encryption policies, and those who do not have well-executed strategies can find themselves at risk of examination deficiencies or enforcement. With NSA spying allegations, the general public has begun to understand that encryption [...]

September 8th, 2015 | Cyber Security, Data Protection, Encryption

Wire Fraud and Executive Email – Are you Doing Enough?

Recent guidance from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the FBI suggests that Business Email Compromise (BEC) that leads to fraudulent wire transactions remains a significant threat to the industry. While the controls listed in the June 19th Fraud Alert were primarily directed at executives, Advisors and other [...]

June 25th, 2015 | Cyber Security, Data Protection

Security Through Data Classification

Data Classification, Retention, and Security Part 1: What Do We Have Here? Recent SEC and DOJ guidance has placed great emphasis on Data Security through Data Classification. Regulators are expecting you to classify your information based upon criticality and sensitivity, but where do you begin? Take a minute and think about all the [...]

May 12th, 2015 | Data Classification, Data Protection, Information Security

DOJ Follows the SEC With Guidance on Breach Practices

Legal and Financial firms should be aware of and understand the guidance offered by the U.S. Department of Justice, Criminal Division, Cybersecurity Unit, titled “Best Practices for Victim Response and Reporting of Cyber Incidents” which was issued last Friday, April 29, 2015. We sit up and pay attention when Executive Departments with [...]

May 7th, 2015 | Best Practices, Cyber Security, Data Protection

SEC Offers Cybersecurity Guidance

The SEC has offered definitive guidance on Cybersecurity, tying failures or shortcomings in practices to specific Rules and Regulations and paving the way for potential enforcement. While we have been discussing the path the SEC was implying for some months in the wake of the Cybersecurity Sweep results of February 3, 2015, [...]

May 4th, 2015 | Best Practices, Cyber Security, Data Protection

Cybersecurity Guidance from the Insurance Industry Endorses NIST Framework

Evidence continues to mount for broad acceptance of NIST CSF. Action Item: Executives, General Counsels, Compliance Officers, and Board Members, across industries, should consider these principles. Last week (April 17, 2015), the National Association of Insurance Commissioners (NAIC) adopted twelve basic principles to provide guidance to insurers, producers, and other regulated entities. [...]

April 22nd, 2015 | Data Protection, Information Security

Law Firms: The Current State of Affairs

Periodically, the heat is turned up on the Legal Industry and recently the New York Times reported on the concept of information sharing between Wall Street Banks and Law Firms.[1] This came to mind as I had breakfast with one of the policy architects of the public/private initiative which led to the creation [...]

March 25th, 2015 | Best Practices, Cyber Security, Data Protection, Information Security