ThreatWire

MTradecraft’s Threatwire is a popular cybersecurity blog designed to help SEC registered firms stay up to date on the latest cyber threats.

By providing news, expert opinions, and education, Threatwire helps organizations understand the nuances of today’s cyber security landscape and stay ahead of emerging threats and compliance regulation.

Our Latest Posts

• 
  The Cybersecurity Liability of the CCOs and other Executives of SEC Registered FirmsNovember 20, 2023
  In this video, we will scrutinize the prevalent cybersecurity shortcomings in the SEC RIA CCO community and dissect their potential legal exposure. In light of the SEC’s recent intention to prosecute the CISO of SolarWinds following a high-profile breach, comprehending the intricacies of the… Read more: The Cybersecurity Liability of the CCOs and other Executives of SEC Registered Firms
• 
  Beyond Compliance: Enhancing Cybersecurity with SEC Rule 206(4)-9 – A Webinar by MTradecraftNovember 20, 2023
  This informative video provides Registered Investment Advisers (RIAs) with professional advice on navigating the complex landscape of cybersecurity compliance. In this webinar, we explore how SEC Rule 206(4)-9 is not just a regulatory hurdle, but an opportunity to strengthen your firm’s cybersecurity practices. We… Read more: Beyond Compliance: Enhancing Cybersecurity with SEC Rule 206(4)-9 – A Webinar by MTradecraft
• 
  The CRVT ReportNovember 20, 2023
  The CRVT Report – Cybersecurity Risk, Vulnerability, and Threat Assessments for SEC Registered Firms Our comprehensive cybersecurity threat and risk assessment reports tailored specifically for SEC registered investment advisory firms. These reports delve deep into the intricate landscape of digital threats, providing a thorough… Read more: The CRVT Report
• 
  Compliance 101: A Guide to Mastering the new SEC Cybersecurity Regulations; 206(4)-9August 23, 2023
  Are you a Registered Investment Adviser (RIA) concerned about how to comply with the new SEC 206(4)-9 Cybersecurity regulations? Don’t worry, MTradecraft has you covered! Learn more in our latest video. Our team of experts will explain the operational challenges posed by the new… Read more: Compliance 101: A Guide to Mastering the new SEC Cybersecurity Regulations; 206(4)-9
• 
  Policies and Procedures Manuals for SEC Registered FirmsAugust 16, 2023
  In this video, we will discuss the essential items that the SEC expects to see covered in your policies and procedures manual for SEC registered firms. One crucial aspect that the commission looks for is how you manage user access rights. It is vital… Read more: Policies and Procedures Manuals for SEC Registered Firms
• 
  How to Prevent Hackers From Spoofing Your EmailAugust 16, 2023
  In this comprehensive tutorial, we’ll empower you with the knowledge and tools to protect yourself and your organization against email spoofing attacks. Email spoofing can lead to phishing scams, data breaches, and compromised security. But fear not, as we unravel the mystery behind SPF… Read more: How to Prevent Hackers From Spoofing Your Email
• 
  How to Conduct Vendor Due DiligenceAugust 16, 2023
  In this Vendor Due Diligence video, we share the essential questions you need to ask vendors to ensure the security of your sensitive data. Protecting your information is crucial in today’s digital landscape, and it’s important to select vendors with robust security controls in… Read more: How to Conduct Vendor Due Diligence
• 
  Preventing Cybersecurity Breaches: The Story of Sharon, an RIA Employee Who Lost $748MM in Client Assets to Hackers.July 11, 2023
  MTradecraft was recently hired to perform a penetration test against an RIA. Our top objective was to find any sensitive or leaked data from the company and assess if an external attacker could access the portfolio management software (PMS). We also aimed to conduct… Read more: Preventing Cybersecurity Breaches: The Story of Sharon, an RIA Employee Who Lost $748MM in Client Assets to Hackers.
• 
  206(4)-9: An Update On the SEC’s Cybersecurity Regulations From HellJuly 6, 2023
  Our latest webinars have been focusing on the new cybersecurity regulations, 206(4)-9, for over a year now as I have been mainly helping companies to understand and comply with the new regulations. Thus, I think it’s crucial to keep our audience informed about this… Read more: 206(4)-9: An Update On the SEC’s Cybersecurity Regulations From Hell
• 
  How SEC Registered Firms Can Build a Security Fortress that Would Make the NSA and CIA Jealous.June 23, 2023
  In this webinar, we discuss the actions that we take to build insanely secure financial institutions using the kind the same technologies and ideas deployed by the NSA and the CIA. It’s time to face the truth: moving clients to the cloud and relying… Read more: How SEC Registered Firms Can Build a Security Fortress that Would Make the NSA and CIA Jealous.
• 
  Reviewing a Cybersecurity Documentation Request List from the SECMay 5, 2023
  In this video, we take a deep dive into the latest SEC regulations on cybersecurity documentation, including a detailed examination of a recent letter the SEC sent to an RIA prior to an examination. We will explore this Examination Information Request Letter from the… Read more: Reviewing a Cybersecurity Documentation Request List from the SEC
• 
  Cybersecurity Incident Response Plans for SEC Registered FirmApril 20, 2023
  In this video, we explore why it is important for SEC registered firms to have a comprehensive cybersecurity response plan in place. A good plan should include preparation and awareness initiatives to help prevent incidents, containment processes so that the attack can be contained… Read more: Cybersecurity Incident Response Plans for SEC Registered Firm
• 
  How to Conduct A Cybersecurity Risk and Threat Assessment for SEC Registered FirmsMarch 15, 2023
  Keep your financial organization safe and compliant with the SEC. In this webinar, you’ll learn how to conduct a comprehensive cybersecurity risk assessment designed specifically for SEC registered firms. Discover what cyber risks may haunt your organization, uncover weaknesses in your system, identify potential… Read more: How to Conduct A Cybersecurity Risk and Threat Assessment for SEC Registered Firms
• 
  The Master Guide to Building a Cybersecurity Policies and Procedures Manual for an SEC Registered Investment AdvisorMarch 15, 2023
  In this video we will discuss the details what you need to include in your firm’s policy and procedures manual to make sure it will withstand an examination. It is essential for SEC registered investment advisors to have a comprehensive cybersecurity policies and procedures… Read more: The Master Guide to Building a Cybersecurity Policies and Procedures Manual for an SEC Registered Investment Advisor
• 
  Looking ahead at the SEC’s Cybersecurity Regulations in 2023March 15, 2023
  With 2023, SEC-registered RIAs will be bracing for an unprecedented challenge: tackling cyber operations compliance with the upcoming 206(4)-9 regulations. In this video, MTradecraft discusses what lies ahead for firms in 2023 as 206(4)-9 is set to debut.
• 
  How will the SEC’s new cybersecurity regulations affect your RIA?March 15, 2023
  Unveiling the latest SEC cybersecurity regulations, we delve into the ripple effect on Registered Investment Advisors (RIAs) regarding compliance and smooth operations. Discover the mandatory safeguards to fortify your clients’ digital realms and ensure seamless adherence to these trailblazing regulations.
• 
  Don’t Be The Next Equifax: SEC and FINRA Cybersecurity Awareness TrainingMarch 15, 2023
  Discover how to seamlessly integrate a Cybersecurity Awareness Training Program within your SEC or FINRA registered firm using a straightforward three-step methodology. Elevate your firm’s security by empowering your employees with essential knowledge and skills. Need Help Training your Employees? Check out our FieldCraft… Read more: Don’t Be The Next Equifax: SEC and FINRA Cybersecurity Awareness Training
• 
  The Dangers of Bring Your Own Device Policies for SEC Registered FirmsMarch 15, 2023
  Explore the critical risks associated with Bring Your Own Device (BYOD) policies for SEC registered firms that potentially expose sensitive data to cybercriminals. Gain insights from an experienced ethical hacker, formerly a CCO and COO, who has conducted over 200 security audits and penetration… Read more: The Dangers of Bring Your Own Device Policies for SEC Registered Firms
• 
  The SEC’s New Cybersecurity Regulations Are Extremely Dangerous for Registered FirmsMarch 15, 2023
  Join us for an insightful webinar, as we delve into the controversial cybersecurity reporting rule proposed by the Securities and Exchange Commission. With negative reactions pouring in from RIAs, Hedge Funds, and Family Offices, MTradecraft raises concerns over the potential threats presented by these… Read more: The SEC’s New Cybersecurity Regulations Are Extremely Dangerous for Registered Firms
• 
  An Overview of SEC Cybersecurity Regulation and Compliance Documentation RequirementsMarch 15, 2023
  Discover the SEC’s growing interest in cybersecurity and their ongoing efforts to maintain strict regulations through extensive investigations and assessments. Dive into this insightful video that unravels the complexities of cybersecurity compliance and documentation requirements for RIAs, Hedge Funds, Family Offices, and Broker-Dealers. Stay… Read more: An Overview of SEC Cybersecurity Regulation and Compliance Documentation Requirements
• 
  A CCO’s Technical Guide the SEC’s 206(4)-9 Cybersecurity ProposalMarch 15, 2023
  On Feb. 9, 2022, the SEC voted to propose new cybersecurity requirements for investment advisers, investment companies and business development companies known as 206(4)-9. In this technical discussion, we will focus on the new cybersecurity books and records rules found in 206(4)-9 and then… Read more: A CCO’s Technical Guide the SEC’s 206(4)-9 Cybersecurity Proposal
• 
  A Discussion on Cybersecurity Insurance related to Schwab and the SECMarch 15, 2023
  Embark on a riveting journey as we delve into the realm of cybersecurity insurance from two compelling perspectives! First, join us as conscientious CCOs to uncover the absolute necessity of possessing a cybersecurity insurance policy and the perils of facing an examination without one.… Read more: A Discussion on Cybersecurity Insurance related to Schwab and the SEC
• 
  The Dark Side: Watch us Hack a Hedge FundMarch 15, 2023
  Dive into the thrilling world of cybersecurity as we unmask the mysterious realm of hedge fund hacking. Witness the real-life virtual battlegrounds that echo Hollywood blockbuster scenes, unfolding the sinister tactics of these digital marauders. Join us on this electrifying journey as we unveil… Read more: The Dark Side: Watch us Hack a Hedge Fund
• 
  The Dark Web and Financial InstitutionsMarch 15, 2023
  Dive into the mysterious world of the Dark Web with us, as we explore the latest threats and cyber-attacks originating from this elusive network. Together, we’ll unravel the strategies used by hackers to leverage data from past breaches and launch sophisticated attacks that are… Read more: The Dark Web and Financial Institutions
• 
  Introduction to Cybersecurity E-BookMarch 14, 2023
  Since the dawn of the Internet, unscrupulous people have been using it to commit crimes. Despite technical advances when it comes to virus protection,unbreachable firewalls, and other guarding methods, cybercriminals are still getting through. Why? Because we simply let them in the front door.Human… Read more: Introduction to Cybersecurity E-Book
• 
  Microsoft 365: Security Benchmarks for SEC Registered FirmsFebruary 22, 2023
  As a registered firm with the Securities and Exchange Commission (SEC), it is important to have an adequate understanding of security benchmarks and how they can help ensure your IT infrastructure is deployed securely. This blog post will provide an overview of security benchmarks as they relate to Microsoft 365 and Office 365, explain why they are important, and discuss what I look for when auditing a firm’s Microsoft environment
• 
  Top 5 Things SEC Registered Firms Need to Do to Prepare for the New Cybersecurity Regulations in 206(4)-9 | MTradecraftFebruary 1, 2023
  In order to comply with the new cybersecurity regulations of 206(4)-9, SEC registered firms need to take a number of steps. Here are five of the most important ones.
• 
  SEC Proposed Cybersecurity Rules – What They Are and What Our Clients Should be Doing NowDecember 26, 2022
  2022 was a very busy year for cybersecurity with the SEC. The Securities and Exchange Commission (SEC) released a series of proposed regulations that would significantly increase SEC oversight of public companies’ cybersecurity-related matters. The new rules call for greater transparency in how organizations operate with regard to their cyber security policies and procedures, decision-making processes, as well as an oversight role from the Board regarding all aspects related to cyber security.
• 
  The Pros and (Mostly) Cons of RIAs Moving to the CloudNovember 1, 2022
  The Pros and (Mostly) Cons of RIAs Moving to the Cloud The “cloud” has revolutionized computing as we know it, providing SEC registered financial institutions with the ability to quickly deploy an online presence, scale as demand ebbs and flows, and provides the foundation… Read more: The Pros and (Mostly) Cons of RIAs Moving to the Cloud
• 
  The Dangers of MSPs for SEC and FINRA Registered FirmsOctober 18, 2022
  The Dangers of Managed IT Service Providers (MSPs) for SEC-registered Firms. (And Knowing When to RUN away from them) There is a conflict of interest between every MSP and their clients which makes MSPs an insider threat to every SEC or FINRA registered firm’s… Read more: The Dangers of MSPs for SEC and FINRA Registered Firms
• 
  Why Cybersecurity Awareness Training is Important for SEC Registered FirmsSeptember 26, 2022
  Earlier this year, the SEC announced Rule 206(4)-9 as part of their sweeping overhaul of cybersecurity regulations. We are moving from a period where the SEC provided cybersecurity “guidance” to a period of cybersecurity “regulation”. One of these proposed rules will require that firms… Read more: Why Cybersecurity Awareness Training is Important for SEC Registered Firms
• 
  The U.S. Securities and Exchange Commission (SEC) announced charges against 18 individuals that used hacked brokerage accounts to trade stocks and launder money.September 20, 2022
  A few days ago, the SEC announced charges against 18 defendants in an international scheme to manipulate stocks using hacked US brokerage accounts. In February of 2021, I hosted a webinar where we simulated a cyber attack on a hedge fund to show how… Read more: The U.S. Securities and Exchange Commission (SEC) announced charges against 18 individuals that used hacked brokerage accounts to trade stocks and launder money.
• 
  7 Steps to Compliant and Effective SEC Cybersecurity OperationsSeptember 19, 2022
  The SEC has released new regulations on cybersecurity practices for registered firms. These regulations are collectively known as 206(4)-9 In this blog post, we’ll .outline the seven steps your firm needs to take to strengthen its cybersecurity posture and meet the expectations of regulators.… Read more: 7 Steps to Compliant and Effective SEC Cybersecurity Operations
• 
  Webinar Recording: A Discussion on BYOD Policies at SEC Registered Firms.September 1, 2022
  In this webinar we discuss the dangers of Bring Your Own Device (BYOD) policies for SEC registered firms. BYOD policies can be a major security risk for firms as they open up the possibility for sensitive data to be accessed and stolen by malicious… Read more: Webinar Recording: A Discussion on BYOD Policies at SEC Registered Firms.
• 
  Bring Your Own Device Policies are a Total Nightmare for SEC Registered FirmsAugust 25, 2022
  Allowing employees to use their own personal devices for work is a stupid idea for all SEC registered firms. I’m not here to sell you a solution. There isn’t one. This is just the opinion of someone who has worn the CCO and COO… Read more: Bring Your Own Device Policies are a Total Nightmare for SEC Registered Firms
• Your Cybersecurity Insurance is Absolutely Worthless…and it will get worse.August 23, 2022
  To be clear, I am not trying to sell you a policy. I don’t sell policies. And, I don’t have a recommendation for a policy. I don’t have a solution for you because every policy I have seen is worthless. Which is why I… Read more: Your Cybersecurity Insurance is Absolutely Worthless…and it will get worse.
• An Overview of the SEC’s New Cybersecurity RegulationAugust 12, 2022
  In March, the Securities and Exchange Commission (SEC) proposed new cybersecurity risk management rules for organizations including registered investment advisers, registered investment companies, and business development companies (registered funds). The SEC is also proposing numerous modifications to existing rules governing investment adviser and registered… Read more: An Overview of the SEC’s New Cybersecurity Regulation
• 
  Hacker Tales: How Did BiFi get BuFu’d out of $2.25MM?July 25, 2022
  Let’s discuss BiFi. A few weeks ago, an attack was launched against BIFROST’s BiFi service. The hacker was able to steal 1,852 ETH ($2.25 million) from the project by exploiting a security hole in the service’s address management system. If you are going to… Read more: Hacker Tales: How Did BiFi get BuFu’d out of $2.25MM?
• The SEC’s 206(4)-9 Cybersecurity Regulation Prep PackageJuly 18, 2022
  Are you ready for the new cybersecurity regulations from the SEC? This prep package will help you get up to speed quickly. Let MTradecraft do the heavy lifting and fast-track your firm for the new cybersecurity regulations outlined in 206(4)-9. 206(4)- Prep Package by… Read more: The SEC’s 206(4)-9 Cybersecurity Regulation Prep Package
• Cybersecurity Insurance and the SECJuly 12, 2022
  In this video, we will put on our CCO hats and discuss why your firm absolutely needs a cybersecurity insurance policy and why you wouldn’t want to go through an examination without one. Then, we will switch gears and put on our ethical hacker… Read more: Cybersecurity Insurance and the SEC
• SEC Cybersecurity Trends for 2022July 8, 2022
  Towards the end of 2021 and now starting into 2022 we started seeing an increase in the number of SEC examinations that are focusing on cybersecurity compliance. In this video, I summarize and share some of the specific requests that we have seen in… Read more: SEC Cybersecurity Trends for 2022
• Compliance Template: The Employee Technology Usage AgreementJuly 8, 2022
  This is a template that can be used as a Technology Usage Agreement between an SEC or FINRA registered firm and their employees. We recommend that you have your employee sign this document during onboarding and also attest to it annually. This document should… Read more: Compliance Template: The Employee Technology Usage Agreement
• Cybersecurity Tips for RIAs and Hedge FundsJuly 8, 2022
  When it comes to privacy, as a Hedge Fund or Registered Investment Advisor (RIA), the protection of your client’s data is critical. A data breach might not only jeopardize your reputation but also result in hefty fines and penalties. Last year, the SEC fined… Read more: Cybersecurity Tips for RIAs and Hedge Funds
• The Dark Side – How to Hack a Hedge FundJuly 6, 2022
  In this video, we take a look at the dark side of cybersecurity – hacking into hedge funds. While it may seem like something out of a movie, the reality is that these attacks are happening more and more frequently. We explore how they… Read more: The Dark Side – How to Hack a Hedge Fund
• A Technical Guide to the SEC’s 206(4)-9 Proposed Cybersecurity RulesJuly 6, 2022
  On Feb. 9, 2022, the SEC voted to propose new cybersecurity requirements for investment advisers, investment companies and business development companies known as 206(4)-9. In this technical discussion, we will focus on the new cybersecurity books and records rules found in 206(4)-9 and then… Read more: A Technical Guide to the SEC’s 206(4)-9 Proposed Cybersecurity Rules
• An overview of SEC Cybersecurity Regulation and Compliance Documentation RequirementsJuly 6, 2022
  The SEC has been increasingly focused on cybersecurity in recent years, with multiple rounds of subpoenas, investigations, and examinations. In this video, we provide an overview of the SEC’s cybersecurity regulation and compliance documentation requirements as it relates to RIAs, Hedge Funds, Family Offices,… Read more: An overview of SEC Cybersecurity Regulation and Compliance Documentation Requirements
• 12 Solid Cybersecurity Steps for All SEC Registered FirmsJuly 6, 2022
  Step 1: Install and maintain a firewall to protect data. Step 2: Change default (vendor supplied) passwords on all firm devices and systems. Step 3: Encrypt all hard drives. Step 4: Encrypt transmission (internal or external) of client data. Step 5: Use AntiVirus and… Read more: 12 Solid Cybersecurity Steps for All SEC Registered Firms
• 21 Steps to Secure your RIA’s Wifi Router.June 24, 2022
  1. Change the default password and user id – new one should be at least 16 characters long. 2. Turn off WPS 3. Turn off UPnP 4. Turn off NAT-PMP 5. Wi-Fi encryption should be WPA2 with AES. 6. Wi-Fi passwords should be strong… Read more: 21 Steps to Secure your RIA’s Wifi Router.