Friday, February 2, 2018

Data Protection and Laptop Security

By Cory Roberson, Principal at RIA Review and RIA Consults



Data Protection/laptop theft security
Yesterday, in the second incident this year, we witnessed a laptop theft at a coffee shop in the Bay Area. We suspect this is a part of a larger theft ring in which police recently discovered more than $2 million in stolen laptops packaged to ship from the Port of Oakland to Vietnam.
If you choose to work remotely, here are a few steps you can take to protect your laptop data.
Purchase a tracking & erase software program.
Purchase a lock and cable.
Carry your laptop with you when you order food, drinks, or even go to the bathroom.
Use the password lock feature when the laptop is in sleep mode.
And lastly, for safety purposes, avoid vigilante justice since the thieves tend to work in groups and they may carry a weapon.
SEC:  Observations on data protection

On May 12, 2017, the SEC Office of Inspections and Compliance Examinations (OICE) staff issued a response to a recent ransomware attack (WannaCry, WCry, or Wanna Decryptor) that affected data systems in more than 100 countries.

In the examination of IT practices of 75 advisors, broker-dealers, and mutual fund companies, SEC staff discovered the following results:

5% of broker-dealers and 26% of investment advisors did not conduct a risk assessment.

5% of broker-dealers and 57% of investment advisors did not conduct penetration tests.

All broker-dealers and 96% of investment advisors perform system maintenance checks.

10% of broker-dealers and 4% of firms were missing software updates/security patches.

Best Practices for security

We recommend that advisors who use laptops in remote settings add policies and procedures to safeguard client information in case of a theft. 

A few places to add procedures would be:

Cybersecurity Plan – add use of laptops to risk assessment.

Code of Ethics – training employees.

Privacy Policy – informing clients of methods for data protection or security. 



Compliance and Business Management

FIN Compliance (FINCompliance.io) is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm; RIA Review, a compliance-management software tool (SaaS); B-D Review, a RIA/Broker-Dealer compliance management software tool; and FINLancer, a business management portal featuring e-signature tools, invoicing integration, a vendor directory, a continuity directory*, a business client document portal, and more (available by Q3 2019). Access all services on one site: FINCompliance.io.

Impact

FIN Missions (FINmissions.com) provides business support group sessions for other entrepreneurs. In addition, Cory has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.
