Posts By: Michael Farrell

FAQs From the Cyber Desk

Cybersecurity is a fast-moving target, so it is not uncommon for firms to have questions when it comes to assessing and understanding their cybersecurity risks. Here at CSS we receive a lot of cybersecurity questions, so we thought we would take the time to answer 10 of the most common Frequently Asked Questions. (1) What … Continued

First Charges Filed Under NYDFS Cybersecurity Regulations

On July 21, 2020, The New York State Department of Financial Services (NYDFS) filed its first charges under its Cybersecurity Regulation, 23 NYCRR Part 500 (Cybersecurity Regulation), which went into full effect March 2019. The Cybersecurity Regulation requires financial institutions regulated by the NYDFS to establish and maintain a cybersecurity program designed to protect the … Continued

The Door is Wide Open: Unpatched Security Flaw Leads to Leak of Login Credentials for 900+ Enterprise VPNs

A popular brand of VPN software recently had usernames, passwords, and IP addresses published on a dark web hacker forum frequented by ransomware gangs. I first wrote about this issue in July 2019. At the time, various VPN appliances from three well known and highly used vendors were vulnerable to a critical vulnerability which could … Continued

Serious Security Flaw Discovered in Three Widely Used VPNs – Update Now!

Virtual Private Networks (“VPNs”) are a secure way for employees to access firm files remotely, whether working from a home office or while travelling. They work by creating an encrypted connection from a laptop or PC to a firm’s server and allowing users to securely access and transfer files while out of the office. Access … Continued


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.


Mailing List