Tag: cybersecurity

The Door is Wide Open: Unpatched Security Flaw Leads to Leak of Login Credentials for 900+ Enterprise VPNs

A popular brand of VPN software recently had usernames, passwords, and IP addresses published on a dark web hacker forum frequented by ransomware gangs. I first wrote about this issue in July 2019. At the time, various VPN appliances from three well-known and highly used vendors were vulnerable to a critical vulnerability which could … Continued

Breakdown of OCIE’s COVID-19 Compliance Risks Alert

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued an Alert today regarding “Select COVID-19 Compliance Risks for Investment Advisers and Broker-Dealers.” OCIE shared observations regarding six broad categories: protection of investors’ assets; supervision of personnel; practices relating to fees, expenses, and financial transactions; investment fraud; business continuity; and the protection of investor and … Continued

SEC Issues New Cyber Risk Alert to Financial Firms

Financial firms have a bigger target on their backs at the moment, according to a new risk alert issued July 10, 2020 by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE).  This new risk alert on ransomware cautions investment advisers, broker-dealers, and investment companies that OCIE has recently observed a marked … Continued

FINRA Enhanced Security Features for Super Account Administrators (SAAs) and Account Administrators (AAs)

FINRA recently deployed a new security feature for users of the Web CRD and IARD systems which is being rolled out to firms in phases over the next several months. FINRA is implementing Multi-Factor Authentication (MFA) which will add an additional layer of security for Super Account Administrators (SAAs) and Account Administrators (AAs) verifying their … Continued

Where Are Your Cybersecurity Blindspots with COVID-19?

Google Data Reveals 350% Surge In Phishing Websites During Coronavirus Pandemic
More financial firms have shifted to a remote workforce in the midst of the COVID-19 pandemic. While the availability of VPNs and cloud-based services has enabled firms to continue operating, the paradigm shift to an entire staff working from home has not come without … Continued

SEC Releases More Cyber Best Practices, Including Surprise Additions

In advance of National Data Privacy Day today, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has just released a new summary of cybersecurity best practices it has observed over the course of thousands of examinations it has conducted over the past few years. In its Cybersecurity and Resiliency Observations, OCIE … Continued

Compliance Lessons Learned in 2019

Now that we are in mid-January, a few things are evident. We have likely broken one or more New Year’s resolutions, the effect of any rest over the holidays has worn off and we need to complete our annual compliance reviews for 2019 and firm up our 2020 plans. While I don’t have solid advice … Continued

Countdown to CCPA: Are You Ready to Comply with New Data Privacy Requirements?

With less than one month before the California Consumer Privacy Act (CCPA) is effective, companies are preparing to update their cybersecurity programs. Many must address the regulation’s new data privacy requirements, which have caught some financial institutions off guard. Modeled to some extent after the European Union’s General Data Protection Regulation (GDPR), the CCPA provides … Continued

Recent Privacy Law Changes for Advisers a Focus of Cyber Discussion in Scottsdale

Regulators and legislators certainly have been busy in 2019, leaving little breathing room for financial firms. More data privacy laws are on the horizon, particularly at the state level, with some very real implications for SEC-registered investment advisers. That was the key message from the “Regulatory Update on Privacy Regulations and Cybersecurity” panel during the … Continued

Virginia Investment Adviser Rules Amended – September 16, 2019 Compliance Date

Last week we discussed the changes to the Massachusetts IA Disclosure Rule. That is not the only state legislature that has been busy. On August 21, 2019, the Virginia State Corporation Commission adopted revisions to Chapters 20, 30, 45, and 80 of Title 21 of the Virginia Administrative Code. The amendments impact Virginia state registered … Continued

CFTC Orders Firm to Pay $1.5 Million in Connection with Phishing Cyber Breach, Cites Inadequate Cyber Training

The Commodity Futures Trading Commission (CFTC) isn’t holding back when it comes to holding firms accountable for protecting their clients’ funds and information. On September 12, 2019, the CFTC issued an order bringing proceedings against a registrant to the tune of $1.5 million US relating to claims that the registrant violated Commission Regulations 166.3 and … Continued

Cayman Islands Data Protection Law Nears Taking Effect

Cybersecurity regulations have landed ashore on the islands, and life is about to become anything but a beach for firms forced to comply with the Cayman Islands’ new Data Protection Law (DPL), slated to take effect September 30, 2019. With provisions largely mirroring the EU’s General Data Protection Regulation (GDPR), entities with a presence or … Continued

