SEC RIA Cybersecurity Vulnerability Summary for the Week of June 30, 2025

You’re receiving this bulletin as part of your BrainTrust membership. Each week, we deliver a curated snapshot of newly published cybersecurity vulnerabilities that may impact SEC-registered firms and their vendors.

This bulletin summarizes recently disclosed vulnerabilities based on the Common Vulnerabilities and Exposures (CVE) standard. Severity ratings are determined using the Common Vulnerability Scoring System (CVSS), broken down as follows:

You will need a subscription to access this page.

Sign Up Here.

Already a member?  Sign in below:

Sign In Here.

Safeguarding Your Firm: Understanding & Mitigating Insider Threats for RIAs

For Registered Investment Advisers and related financial firms, the threat landscape extends beyond external hackers to include risks posed by those within the organization – known as insider threats.

A recent discussion featured insights from Adam Grech of Strategic Insight Group (SIG Intelligence), an expert at a private intelligence firm specializing in investigative research.

Beyond the Manual: Optimizing Your Firm’s Cybersecurity Operations and Compliance Documentation

Brian Hahn outlines a comprehensive approach for Registered Investment Advisers (RIAs) to build SEC-ready cybersecurity compliance programs, even from a starting point with no existing documentation or technical operations.

He breaks down the process into two core areas. The operational framework focuses on identifying and protecting client data and assets by understanding how employees interact with this sensitive information and where it resides across systems and locations, including remote work environments. The compliance framework aligns with regulatory expectations, with a strong recommendation to follow the proposed 206(4)-9 rule as the current highest standard.

A Really, Really, Ridiculously Super Helpful Video on Understanding SEC Cyber Compliance Good.

Please forgive the terrible Zoolander references in our marketing. Hopefully, you are here for cybersecurity compliance advice, and not marketing advice.

With that said….

Navigating Cybersecurity Compliance in 2024: Trends, Threats, and Strategic Responses for SEC-Registered Firms

The cybersecurity landscape is a dynamic one, constantly evolving with new challenges and threats that specifically impact SEC-registered firms.

In this video, we offer an in-depth analysis of the cybersecurity trends that are shaping 2024. We explore the rise in zero-day vulnerabilities, the profound effects of generative AI on email security, and the escalating significance of IoT security.

The Cybersecurity Liability of the CCOs and other Executives of SEC Registered Firms

In this video, we will scrutinize the prevalent cybersecurity shortcomings in the SEC RIA CCO community and dissect their potential legal exposure.

In light of the SEC’s recent intention to prosecute the CISO of SolarWinds following a high-profile breach, comprehending the intricacies of the cybersecurity terrain and the accompanying responsibilities has never been more imperative.

Beyond Compliance: Enhancing Cybersecurity with SEC Rule 206(4)-9 – A Webinar by MTradecraft

This informative video provides Registered Investment Advisers (RIAs) with professional advice on navigating the complex landscape of cybersecurity compliance.

In this webinar, we explore how SEC Rule 206(4)-9 is not just a regulatory hurdle, but an opportunity to strengthen your firm’s cybersecurity practices. We offer clear, concise, and unbiased guidance on overcoming operational challenges, developing effective compliance strategies, and leveraging regulatory requirements to enhance your firm’s cybersecurity standing.

Compliance 101: A Guide to Mastering the new SEC Cybersecurity Regulations; 206(4)-9

Are you a Registered Investment Adviser (RIA) or involved in supporting the RIA space and finding the landscape of cybersecurity compliance increasingly challenging? With new regulations on the horizon, understanding and implementing robust security measures is no longer optional – it’s becoming a strict regulatory requirement. To help navigate this complex environment and prepare for the upcoming SEC 206(4)-9 regulations.

In this insightful session, Brian delves into the operational and compliance challenges posed by the proposed 206(4)-9 rule and discusses tangible solutions. He provides a framework for building a comprehensive cybersecurity program, emphasizing the need for detailed policies and procedures, conducting thorough risk and threat assessments (including vendors), documenting user access rights, and implementing threat and vulnerability management. The discussion also covers the crucial element of mandatory employee security awareness training, as well as the importance of maintaining proper cyber record keeping and developing a cyber response and recovery plan.

How to Prevent Hackers From Spoofing Your Email

In this comprehensive tutorial, we’ll empower you with the knowledge and tools to protect yourself and your organization against email spoofing attacks. Email spoofing can lead to phishing scams, data breaches, and compromised security. But fear not, as we unravel the mystery behind SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records.

Join us as we delve into the fundamental concepts of these email authentication protocols and demonstrate step-by-step how to implement them effectively. Discover how SPF validates the sender’s IP address, how DKIM adds a digital signature to your outgoing emails, and how DMARC combines both to provide a robust defense against spoofed emails.

The Master Guide to Building a Cybersecurity Policies and Procedures Manual for an SEC Registered Investment Advisor

In this video we discuss the details of what you need to include in your firm’s policies and procedures manual to make sure it will withstand an examination.

It is essential for SEC registered investment advisors to have a comprehensive cybersecurity policies and procedures manual in order to remain compliant with the latest cybersecurity regulation, known as 206(4)-9, released by the Securities and Exchange Commission.