Author: Curtis
-
Securing Microsoft OneDrive: A GRC-Focused Approach to Access Control
Access control isn’t just a technical requirement—it’s the cornerstone of cybersecurity, especially for organizations managing sensitive financial and client data. For firms using Microsoft OneDrive within their Microsoft 365 environment, proper access controls are more than just best practices—they’re essential for meeting regulatory requirements and avoiding data breaches, compliance failures, or reputational damage. Industries governed… Read more
-
A Comprehensive Roadmap for Data-Centric IT Risk Management in Financial Services
Data has become the lifeblood of the financial industry, particularly for investment advisers, broker-dealers, and investment companies. Managing IT risks associated with data is not just a regulatory necessity; it’s a fundamental component of maintaining client trust and ensuring operational resilience. This article provides a detailed roadmap to build and execute a data-centric IT risk… Read more
-
Essential Cybersecurity Policies for Investment Advisers: Protect Your Firm and Build Client Trust
With cyber threats intensifying across industries, investment advisers face unique vulnerabilities that can compromise sensitive client information, disrupt operations, and damage reputation. The stakes are particularly high in the financial sector, where cybersecurity threats directly impact client trust and regulatory compliance. The 2025 SEC Examination Priorities make it clear: cybersecurity, client data protection, and operational… Read more
-
How Third-Party Vendor Risk Cost Voya Financial Advisors $1,000,000
Financial advisory firms rely heavily on third-party vendors to streamline operations, connect with clients, and enhance service offerings. These vendors, often forming a financial firm’s supply chain, include robo-advisors, customer relationship management (CRM) systems, and other software services critical to client interactions and internal management. However, as the case of Voya Financial Advisors reveals, inadequate… Read more
-
FINRA’s Phishing Guidelines: Essential Strategies for Investment Firms to Stay Protected
Phishing attacks have become one of the most prevalent and dangerous cybersecurity threats facing businesses today, including investment advisor firms. The Financial Industry Regulatory Authority (FINRA) recently issued guidance in response to a phishing campaign that targets financial services firms, underscoring the need for vigilance and robust cybersecurity practices. This article will break down the… Read more
-
5 Essential Cybersecurity Policies Every Investment Advisor Must Add to Their Compliance Manual
Investment advisors face increasing scrutiny from regulatory bodies, such as the SEC and FINRA, regarding cybersecurity practices. Ensuring proper cybersecurity policies are in place is critical to safeguarding sensitive client information and maintaining trust. Moreover, these policies are not only necessary for protecting your firm and clients from data breaches but also for complying with… Read more
-
Ignoring Regulation S-ID Risks Your Clients’ Data- AND Trust
In today’s increasingly digital world, investment advisers and securities professionals are facing relentless challenges from cyberattacks, data breaches, and identity theft attempts. The sensitive information entrusted to you by your clients isn’t just another asset—it’s the lifeblood of your business. Failing to protect it could result in catastrophic consequences, from the collapse of client trust… Read more
-
Understanding the SEC’s Proposed Cybersecurity Rule for Investment Advisers and Registered Investment Companies
The U.S. Securities and Exchange Commission (SEC) has proposed a significant cybersecurity rule (Release No. 33-11028) aimed at registered investment advisers (RIAs), investment companies, and business development companies. This proposed rule underscores the increasing focus on cybersecurity risk management in the financial sector and introduces new requirements for firms to strengthen their cybersecurity posture. The… Read more
-
Understanding the SEC’s Proposed Cybersecurity Rule for Broker-Dealers and Other Entities
The U.S. Securities and Exchange Commission (SEC) has introduced a proposed rule (Release No. 34-97142) aimed at strengthening the cybersecurity framework for broker-dealers, clearing agencies, and other regulated entities. The rule addresses increasing cybersecurity risks by requiring organizations to implement formal cybersecurity risk management policies and procedures, report incidents, and disclose cybersecurity risks and incidents… Read more
-
Understanding the Difference Between the NIST Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF) and Adoption Guidance for Financial Advisor Firms
In an era where financial firms, including registered investment advisors (RIAs), must comply with stringent cybersecurity regulations, understanding effective cybersecurity frameworks is crucial. Two of the most widely recognized frameworks for managing cybersecurity risks are the NIST Risk Management Framework (RMF) and the NIST Cybersecurity Framework (CSF). While both frameworks originate from the National Institute… Read more