The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently released its national examination priorities for 2017.
While reviewing the regulator’s examination initiatives to protect investors—and the overall integrity of the U.S. capital markets—as the investment landscape continues to become more complex, we uncovered several SEC priorities that underscore the benefits of a turnkey approach to IT and cybersecurity.
In September 2016, the New York State Department of Financial Services (NYDFS) announced its plan for a first-in-the-nation cybersecurity regulation to help protect the state’s financial institutions and the consumers they serve. Then, three months later, after receiving feedback from financial institutions, industry representatives and other parties, the NYDFS scaled back its proposed regulation.
It’s understandable that the NYDFS put forth a plan to help protect financial services firms and their clients in the wake of a rapidly growing cybersecurity threat. It’s also reasonable that banking associations and other financial services industry organizations would lobby the NYDFS to loosen any potential rules so that they are less expensive and onerous for the firms they represent.
Proper security controls and vendor due diligence could have helped the broker-dealer avoid a $650,000 settlement with the Financial Industry Regulatory Authority (FINRA).
On November 14, a subsidiary of Lincoln Financial Group agreed to accept a $650,000 fine brought by FINRA to implement more robust security measures following a hack that compromised the information of 5,400 clients. This case, over the firm’s safeguards for client data residing in the cloud, is a prime example of the risks firms take when they fail to implement strong security controls and properly assess their third-party vendors.
Their own devices may have played a role in the hack that shut down several major websites.
Why should wealth management firms care about yet another hack that temporarily downed a few websites? Because, this time, your clients care. After all, “the Internet of Things” affects everyone.
The Mirai botnet attack that recently prevented access to over 1,200 websites including Twitter, Amazon, Netflix and PayPal is unprecedented in technique and scope. It hijacked thousands of internet-enabled devices like cameras, DVRs, Smart TVs and refrigerators to flood the domain registration services provider Dyn Inc. with a massive distributed denial of service (DDoS) attack. Since Dyn provides domain name services to some of the largest companies on the web, the resulting disruption was widespread.
Anybody, including wealth management clients, could own the devices that played a role in the hack. Moreover, a similar hack could just as easily crash the websites of banks, broker-dealers, custodians or even RIAs. And, although this incident may be the work of amateurs, experts agree that it likely will inspire others in the future. Here’s what advisory firms and their clients should know about this evolving threat.
Public, private and hybrid solutions offer distinct pros and cons for wealth managers.
By now you probably know that cloud computing delivers shared data and software resources on demand through the internet. But you might still be wondering about all the varieties of cloud platforms on the market. This primer explores those differences, and explains why External IT operates as something called a “private hybrid cloud,” which we believe is the best approach for independent wealth management firms.
Biggest data breach in history proves it. Your firm needs External IT's security awareness training.
Last Thursday Yahoo announced that hackers stole the personal information of over half a billion of its users, including usernames, passwords, birthdates, and answers to security questions. The Yahoo hack took place in 2014, and many are questioning how the biggest data breach in history could have gone undetected for two years.
The internet company’s woes should serve as a stark warning for wealth management firms about the vulnerability of client data, as well as the potential for regulatory scrutiny and damage to a firm’s reputation.
Here are highlights of the powerful insights that industry leaders shared at our inaugural event.
We were honored that some of the most respected leaders in wealth management technology and cybersecurity joined us Monday, at the Microsoft Conference Center in New York, for our first summit. These experts shared powerful insights about successful software adoption, the breakaway broker trend, succession planning, millennial priorities, regulatory developments, and more. Here’s a summary of highlights from the event.
MyVirtualCOO’s Jennifer Goldman explains why new is not always better for your IT system.
On Sept. 19, Jennifer Goldman of My Virtual COO will speak at External IT’s inaugural Wealth Management Technology & Cybersecurity Summit in New York. This event gathers industry leaders and influencers for a day of collaboration and networking on the most crucial matters impacting their businesses. This blog is the fifth in the series of profiles of speakers for the upcoming summit.
New financial technology software hits the market so frequently that wealth management firms often struggle to keep up with every trend on the horizon. Advances in fintech may prove useful at some point, but RIA owners and executives must remember why new tech is not always better tech.
MarketCounsel’s Brian Hamburger says internal reviews must accompany external vigilance.
On Sept. 19, Brian Hamburger of MarketCounsel will speak at External IT’s inaugural Wealth Management Technology & Cybersecurity Summit in New York. This event gathers industry leaders and influencers for a day of collaboration and networking on the most crucial matters impacting their businesses. This blog is the fourth in the series of profiles of speakers for the upcoming summit.
If your wealth management firm is looking for some groundbreaking combination of software and hardware that has a surefire way of keeping regulators from complicating your life, think again, warns Brian Hamburger of MarketCounsel.
eSentire’s Eldon Sprickerhoff says airtight policies and processes fortify up-to-date software.
On Sept. 19, Eldon Sprickerhoff of eSentire will speak at External IT’s inaugural Wealth Management Technology & Cybersecurity Summit in New York. This event gathers industry leaders and influencers for a day of collaboration and networking on the most crucial matters impacting their businesses. This blog is the third in the series of profiles of speakers for the upcoming summit.
A few years ago, the cybersecurity provider eSentire noticed suspicious activity on the operating system of a client. An employee at the client’s firm had conducted a simple Internet search about cell phone chargers, and the website the employee clicked through to as a result of that search triggered a malware attack.