MTradecraft: Cybersecurity Compliance Tradecraft for SEC and FINRA Registered Investment Firms

7/16/2019

Simple Cybersecurity Technical Controls for RIAs, IBDs, and Hedge Funds

 

Cybersecurity Technical Controls for RIAs, IBDs, and Hedge Funds

Are you a new CCO looking to get your head around your cybersecurity framework or a seasoned pro looking for a checklist?

Either way, these 12 steps help you strengthen your cybersecurity defenses.

To be clear: these are not a "nice to have" or a "cool feature". This stuff is mandatory for ALL firms.

  1. Install and maintain firewalls to protect data.
  2. Change default passwords on all firm devices and systems (ESPECIALLY your router and modem).
  3. Encrypt all hard drives.
  4. Encrypt transmission of client data.
  5. Use antivirus and antimalware software on all firm devices. Use VPN services for all mobile devices.
  6. Use only software and systems that allow for 2-factor authentication. Physical keys like Yubico or Thetis are preferred.
  7. Restrict access to sensitive data. Only those with a need get access.
  8. Assign unique usernames to all employees who access your clients' data. No sharing of passwords. Ever.
  9. Restrict physical access to the data. Lock your office, enable mobile wipe, GPS tracking, etc.
  10. Monitor and log all access to data and network resources.
  11. Perform vulnerability scans and penetration tests on your network at least annually.
  12. Document everything! If you don't properly document it, it didn't happen.
