December 20, 2018

Cybersecurity News Alert December 2018:

On December 20th, the Financial Industry Regulatory Authority (“FINRA”) released a report detailing the effective cybersecurity practices and common risks observed during recent examinations. The report focused on the following key areas:

  1. Branch Controls
  2. Phishing Attacks
  3. Insider Threats
  4. Penetration Testing
  5. Mobile Device Security

Branch Controls: Maintaining rigorous cybersecurity controls is a firm’s best defense against attacks and human error. Establishing policies, controls, and an overall cybersecurity program promotes firm cybersecurity awareness and fosters a “security first” environment. In this section FINRA reviews:


Nearly one-third of firms face up to 10 cyber attacks – Business Insurance

November 20, 2018

A report by U.K.-based Sapio Research found that more than 30% of local financial firms suffered up to 10 cyber attacks in the last 12 months. The report found that financial firms experienced an average of five attacks apiece. Nearly half of IT executives said that small businesses do not know how to implement or use cyber security software.


Lessons From the SEC’s First Red Flags Rule Settlement – The Cybersecurity Law Report

October 10, 2018

SEC’s First Red Flags Rule Settlement: Broker-dealer Voya’s $1-million settlement with the SEC for alleged violations of the Safeguards Rule and the Identity Theft Red Flags Rule shows that the SEC is willing to act when it believes firms could have done more to prevent attacks.

“The SEC expects companies to not only have in place commercially reasonable standards, policies and procedures for cybersecurity, but to implement them along with compliance and audit procedures to assure that they are working as intended,” Jason Elmer, managing partner at Drawbridge Partners, told The Cybersecurity Law Report.

We analyze the case, which involved a network intrusion by people impersonating third-party contractors, and its lessons, including the mistakes Voya made, how companies can avoid them and what the case says about SEC cybersecurity enforcement.


Cybersecurity News Alert – SEC

September 26, 2018

SEC Cybersecurity News Alert: Today, the Securities and Exchange Commission (SEC) announced that a Des Moines-based broker-dealer and investment adviser has agreed to pay $1 million for its failures in cybersecurity policies and procedures surrounding a cyber-breach.


Cybersecurity Risk Alert – Facebook

September 25, 2018

Facebook Cybersecurity Risk Alert: On Tuesday, September 25th, Facebook discovered a security breach affecting approximately 50 million users. Attackers exploited a vulnerability in the “View As” feature of Facebook, which allows users to view their profile from the perspective of another user. As a result of the exploit, the attackers stole Facebook access tokens, which could have allowed them to gain control of the user accounts. Access tokens are digital keys that keep users logged in to Facebook, so that users do not have to re-enter their password every time they use the application.