Data Breach Prevention and Response

According to the Investment Firm of the Future, a report published by CFA Institute earlier this year, 24% of the organization’s members rated cybersecurity as their firm’s top technology priority.

With the myriad challenges facing investment professionals in 2018, that’s a striking number.

What to do? E.J. Yerzak, Director of Cyber IT Services for Ascendant Compliance Management, a CSS Company, and Shield, a CSS solution, recently sat down with CFA Institute to discuss planning, protocols, prioritization and more.

A short excerpt:

“It’s one thing to have a documented plan on paper. Until you put it to the test with war games or tabletop exercises, you may not realize that there are some unforeseen situations that may arise.

War-gaming your incident response plan can do wonders for assessing how reasonable it is. Again, you can’t anticipate everything under the sun, but have you anticipated all likely scenarios?

When you start putting the incident response plan to the test . . . someone at the table may say, “Hey, what about this system over here? Our series of five steps here didn’t anticipate that we need to pull backups from system A, and that system A can’t talk to system B unless we’ve done steps one, two, and three over here.” Things like that are important to try to work through in advance.”

You can read the informative interview, “Cybersecurity: The Barbarians are at the Gate,” by clicking here.


For more information on CSS’ cybersecurity solution Shield, click here.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Loading form...

Latest Content

SEC Retail Investor Focus Turns Towards Registered Investment Companies

Earlier this year when the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced its 2018 examination priorities, OCIE stated that a core priority was to protect retail investors, including seniors and individuals saving for retirement. OCIE is now continuing this effort by focusing on mutual funds and exchanged-traded funds (together, the “Funds”) as the … Continued

SEC Alerts Investment Advisers to Review Solicitor Arrangements

On October 31, OCIE issued a new Risk Alert for investment advisers with solicitor arrangements. The SEC periodically releases risk alerts to notify the industry of deficiencies they are finding during examinations, and this latest alert puts investment advisers with solicitor arrangements on notice to check their solicitor agreements, policies and procedures, and disclosure documents. … Continued

Pennsylvania Sounds Warning Bell Over Client Credentials and Custody

The Pennsylvania Department of Banking and Securities (PDOBS) has indicated in recent guidance two concerns related to investment advisers using client credentials to access a custodial account(s). In the letter dated September 25, 2018, PDOBS indicates that the use of client credentials may create custody and is considered to be a dishonest and unethical practice. … Continued