By Cory Roberson, Principal at RIA Review and RIA Consults
Yesterday, in the second incident this year, we witnessed a laptop theft at a coffee shop in the Bay Area. We suspect this is a part of a larger theft ring in which police recently discovered more than $2 million in stolen laptops packaged to ship from the Port of Oakland to Vietnam.
If you choose to work remotely, here are a few steps you can take to protect your laptop data.
Purchase a tracking & erase software program.
Purchase a lock and cable.
Carry your laptop with you when you order food, drinks, or even go to the bathroom.
Use the password lock feature when the laptop is in sleep mode.
And lastly, for safety purposes, avoid vigilante justice since the thieves tend to work in groups and they may carry a weapon.
SEC: Observations on data protection
On May 12, 2017, the SEC Office of Inspections and Compliance Examinations (OICE) staff issued a response to a recent ransomware attack (WannaCry, WCry, or Wanna Decryptor) that affected data systems in more than 100 countries.
In the examination of IT practices of 75 advisors, broker-dealers, and mutual fund companies, SEC staff discovered the following results:
5% of broker-dealers and 26% of investment advisors did not conduct a risk assessment.
5% of broker-dealers and 57% of investment advisors did not conduct penetration tests.
All broker-dealers and 96% of investment advisors perform system maintenance checks.
10% of broker-dealers and 4% of firms were missing software updates/security patches.
Best Practices for security
We recommend that advisors who use laptops in remote settings add policies and procedures to safeguard client information in case of a theft.
A few places to add procedures would be:
Cybersecurity Plan – add use of laptops to risk assessment.
Code of Ethics – training employees.
Privacy Policy – informing clients of methods for data protection or security.
Compliance and Business Management
FIN Compliance (FINCompliance.io) is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm; RIA Review, a compliance-management software tool (SaaS); B-D Review, a RIA/Broker-Dealer compliance management software tool; and FINLancer, a business management portal featuring e-signature tools, invoicing integration, vendor directory, continuity directory*, business client document portal, and more (available by Q3 2019). Access all services on one site: FINCompliance.io.
Impact
FIN Missions (FINmissions.com) provides business support group sessions for other entrepreneurs. In addition, Cory has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.