
FPA Forum - Cyber Security


FPA of Colorado with Arlene Moss, XYPN Executive Business Coach 


FPA of Colorado had their fall forum in September. My favorite session was from Herb Minder, of Complete Technology Solutions, LLC. Herb started with some classic questions on what we would do if we received a variety of phishing emails, found USB sticks, and other tidbits to get us comfortable. We were feeling pretty coy and then he hit us with the greater details. It isn’t enough to know you should not pick up a USB drive in a parking lot and use it. There are other concerns for your firm.


Did you know that FINRA Regulation S-P (17 CFR §248.30) requires firms to adopt written policies and procedures to protect customer information against cyber-attacks and other forms of unauthorized access, and that Regulation S-ID (17 CFR §248.201-202) outlines a firm's duties regarding the detection, prevention, and mitigation of identity theft?


Luckily you can find a handy checklist on the FINRA site: http://www.finra.org/sites/default/files/smallfirm_cybersecurity_checklist.xlsx


Among other things this checklist will help you to:

  • identify and assess cybersecurity threats
  • protect assets from cyber intrusions  
  • detect when your systems and assets have been compromised
  • plan for the response when a compromise occurs
  • implement a plan to recover lost, stolen, or unavailable assets

There are new threats every day, so simply recognizing a phishing expedition isn’t enough any more. There are other forms of social engineering that can trick you into revealing confidential information. This segment offered a bit more fear than solutions -- but encouraged us to research and be aware:


  • Social Engineering: Manipulation of people into performing actions or divulging confidential information, such as phishing or good old spam.
  • Malware: Software intended to damage or disable computers and computer systems.
  • Cryptocurrency: Blockchain technology (e.g. Bitcoin), the currency of the dark web.
  • Cyber Extortion: Ransomware, such as WannaCry or CryptoWall.
  • Dark Web: Web servers that require special software to access (e.g. Tor Browser).

What the heck are we to do?


  • Keep learning! Technology changes all the time and you have to keep up.
  • Hire a professional -- not a hobbyist who’s “good with computers.” I love your cousin’s vet’s girlfriend as much as the next person, but what are her qualifications?
  • Look for a Managed Security Services Provider (MSSP) with MSP/Cloud Verify Certification. That professional should be running annual assessments and monthly or quarterly audits on your system.

But wait, there’s more! Here are a few additional resources for you to check out as you plan for a most secure business:


  • http://www.finra.org/industry/cybersecurity
  • https://www.sec.gov/investment/im-guidance-2015-02.pdf
  • https://www.colorado.gov/pacific/dora/securities-law-rules



 

Arlene Moss is XYPN’s Executive Business Coach. Arlene gets a kick out of helping financial advisors get over being overwhelmed and take on their frustrations so their businesses soar. Arlene works to ensure XYPN members are able to help their clients prosper while creating a sustainable business model. Through XYPN Academy and one-on-one coaching, members get the support they need to grow their businesses and overcome the challenges that come their way.

When not motivating clients and cooking up new ideas to help XYPN members succeed, you can find Arlene on her road bike, or trying to master the art of tandem cycling without destroying her marriage. In the winter months, she gets to the ski slopes as much as possible, hunting hidden bits of fresh powder amid the trees of Breckenridge.
