The Financial Industry Regulatory Authority (FINRA) has shared its Report on Selected Cybersecurity Practices — 2018.  This report focuses on firms’ primary challenges and most frequent Cybersecurity findings from FINRA’s examination program. The report highlights the importance of Data Loss Prevention (DLP), Security Information and Event Management (SIEM) Solutions, Penetration Testing and Cybersecurity Training within the firm.

#cyberSecurity #alwaysLeading #getTier1Net

SEC Office of Compliance Inspections and Examinations Announces 2019 Examination Priorities

FOR IMMEDIATE RELEASE
2018-299

Washington D.C., Dec. 20, 2018 —
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) today announced its 2019 examination priorities. OCIE publishes its exam priorities annually to promote transparency of its examination program and provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. This year, particular emphasis will be on digital assets, cybersecurity, and matters of importance to retail investors, including fees, expenses, and conflicts of interest.

“OCIE continues to thoughtfully approach its examination program, leveraging technology and the SEC staff’s industry expertise,” said SEC Chairman Jay Clayton. “As these examination priorities show, OCIE will maintain its focus on critical market infrastructure and Main Street investors in 2019.”

“OCIE is steadfast in its commitment to protect investors, ensure market integrity and support responsible capital formation through risk-focused strategies that improve compliance, prevent fraud, monitor risk, and inform policy. We believe our ongoing efforts to improve risk assessment and maintain an open dialogue with market participants advance these goals to the benefit of investors and the U.S. capital markets,” said OCIE Director Pete Driscoll.

This year, OCIE’s examination priorities are broken down into six categories: (1) compliance and risk at registrants responsible for critical market infrastructure; (2) matters of importance to retail investors, including seniors and those saving for retirement; (3) FINRA and MSRB; (4) digital assets; (5) cybersecurity; and (6) anti-money laundering programs.

Compliance and Risks in Critical Market Infrastructure – OCIE will continue to examine entities that provide services critical to the proper functioning of capital markets. OCIE will conduct examinations of these firms which include, among others, clearing agencies, national securities exchanges, and transfer agents, focusing on certain aspects of their operations and compliance with recently effective rules.

Retail Investors, Including Seniors and Those Saving for Retirement – Protecting Main Street investors continues to be a priority in 2019. OCIE will focus examinations on the disclosure and calculation of fees, expenses, and other charges investors pay, the supervision of representatives selling products and services to investors, broker-dealers entrusted with customer assets, and portfolio management and trading.

FINRA and MSRB – OCIE will continue its oversight of FINRA by focusing examinations on FINRA’s operations and regulatory programs and the quality of FINRA’s examinations of broker-dealers and municipal advisors. OCIE will also examine MSRB to evaluate the effectiveness of select operations and internal policies, procedures, and controls.

Cybersecurity – Each of OCIE’s examination programs will prioritize cybersecurity with an emphasis on, among other things, proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security.

Anti-Money Laundering Programs – Examiners will review for compliance with applicable anti-money laundering requirements, including whether firms are appropriately adapting their AML programs to address their regulatory obligations.

The published priorities for 2019 are not exhaustive and will not be the only issues OCIE addresses in its examinations, Risk Alerts, and investor and industry outreach. While the priorities drive OCIE’s examinations, the scope of any examination is determined through a risk-based approach that includes analysis of the registrant’s operations, products offered, and other factors.

The collaborative effort to formulate the annual examination priorities starts with feedback from examination staff, who are uniquely positioned to identify the practices, products, and services that may pose significant risk to investors or the financial markets. OCIE staff also seek advice of the Chairman and Commissioners, staff from other SEC divisions and offices, and the SEC’s fellow regulators.

OCIE is responsible for conducting examinations of entities registered with the SEC, including more than 13,200 investment advisers, approximately 10,000 mutual funds and exchange traded funds, roughly 3,800 broker-dealers, about 330 transfer agents, seven active clearing agencies, 21 national securities exchanges, nearly 600 municipal advisors, FINRA, the MSRB, the Securities Investor Protection Corporation, and the Public Company Accounting Oversight Board, among others. The results of OCIE’s examinations are used by the SEC to inform rule-making initiatives, identify and monitor risks, improve industry practices, and pursue misconduct.

https://www.sec.gov/news/press-release/2018-299

With $13 billion of expected sales occurring between Thanksgiving Day and Cyber Monday consumers are especially susceptible to phishing attacks due to their eagerness to win the day with that “too good to be true” sale.   Cyber criminals capitalize on this prime opportunity by launching newly acquired cyber weapons which leverage advanced artificial intelligence at rates previously unseen.    According to the SonicWall Capture Labs Threat Research Team cybercriminals launched more than 113 million malware attacks on Cyber Monday last year and ransomware attacks spiked 127%, a 4.4x increase over the yearly average.

It is essential for your organization to leverage a multi-layered Cybersecurity platform.  Tier1Net’s Cybersecurity Business Operating Platform for Financial Services Organizations includes multiple distinct layers of Hybrid Artificial Intelligence and Advanced Machine Learning technologies to defend against these advanced Cyber Attacks.

Two unique technologies integrated into Tier1Net’s Cybersecurity Business Operating Platform for Financial Services Organizations to meet this challenge are SonicWall’s Advanced Threat Protection (ATP) and Real-Time Deep Memory Inspection technologies. SonicWall’s ATP provides multi-engine sandboxing to identify and block never-before-seen cyber attacks. SonicWall’s patent pending Real-Time Deep Memory Inspection technology identifies and stops difficult-to-find threats hidden in memory where malware’s weaponry is exposed for less than 100 nanoseconds.

If you are a looking for a holistic Cybersecurity solution customized to address the challenges facing the financial services industry please contact Tier1Net at 781-935-8050 to inquire about our Cybersecurity Business Operating Platform for Financial Services Organizations.

#alwaysahead   #alwaysleading  #cybermonday

Tier1Net is proud to have supported It Starts With ME’s 11th Annual Thanksgiving Drive for the 2nd year in a row!

Spearheaded by Melanie McKinnon of Salem, founder of It Starts With ME, this event started in 2008 as a small group effort that provided nine families everything they needed to cook an entire traditional Thanksgiving dinner. Over the past 11 years, it has grown to be a community wide drive that provides Thanksgiving meals to people identified through the local schools, churches and Veteran agencies.  Melanie’s amazing army of volunteers collect and sort donations and each box is carefully compiled in her (well-organized!) garage. Meals are delivered the Tuesday before Thanksgiving. With Melanie’s infectious enthusiasm leading the charge they reached their goal to help almost 500 local families and Veterans this year. In the past three months $15,000 in monetary donations and over 12,000 individual items were collected and will feed over 9500 individuals.

For more information visit https://iswmcharity.com/events/ or follow It Starts with ME on Facebook


Recently, Cybersecurity experts Marc Capobianco and Patrick Ramsdell presented at a conference regarding the future of Cybersecurity at The Exchange (formerly Advent User’s Group) technology round table.  The sold out event was attended by many of Boston’s prominent Wealth Management firms.

 2018 will go on record as one of the worst years for data breaches with over 3600 breaches reported involving more than 3.6 Billion records.  Cybercriminals have rapidly acquired new cyber weapons and modified the ways they launch cyberattacks.

Weapons and attack capabilities that were previously only used by large-scale nation-state operations are now falling into the hands of the everyday criminals.  43% of these attacks target small businesses. Today’s attackers are more sophisticated and capable of exploiting weaknesses at previously unseen speed and scale.

The average security incident takes 240 days to detect and 87% of these incidents are first discovered by external sources. As such the need for advanced detection and response technologies is greater than ever.

 Tier1Net discussed the benefits of its Cybersecurity Business Operating Platform for Financial Services Organizations.  This advanced platform meets the current regulations, is ahead of newly proposed compliance regulations and includes four distinct tiers leveraging Hybrid Artificial intelligence and Advanced Machine Learning technologies.

 What attendees had to say:

 “A truly enlightening session.  Tier1Net presented a detailed overview of cybersecurity trends combined with specific examples of attacks they are currently seeing targeting financial firms.  With each example they explained strategies and solutions they can offer to stay ahead of these threats and also meet current and upcoming compliance regulations.  Its clear Tier1Net understands the challenges firms like ours face.”     ~ Kristin Vespucci-Case, Boston Financial Management

“Tier1Net’s cybersecurity roundtable was very informative. Not only did they give us an update on the current cyber landscape but they also provided us with some practical solutions that were appropriate for a company of our size. It was time well spent!”   ~ Patricia Melnick, Prio Wealth

If you are a financial service firm in need of guidance regarding Cybersecurity Best Practices and Compliance, please contact Tier1Net at 781-935-8050 to inquire about our Cybersecurity Business Operating Platform for Financial Services Organizations.

 

Tier1Net welcomes Virakmony “Richie” Richard to the team! Our newest Junior Help Desk engineer is pursuing a degree in Information Technology with an emphasis on Cyber Security. He has been building computers with his dad since he was 7 years old and comes to us with a range of interests that include hardware configurations, software deployment,  programming, and gaming.  We are very excited to have him here at Tier1Net.

With the widespread adoption of Windows 10 Microsoft has changed its former strategy of releasing new Operating Systems every few years.  In its place they have moved to a new strategy named Windows-as-a-Service.  With Windows-as-a-Service Microsoft will continuously update Windows 10 with feature updates.  These feature updates will be released twice a year, usually around March and September, and are more than a typical Windows Update as they include additional Operating System functionality and enhancements.

Consequently, Tier1Net will automate the deployment of Windows 10 feature updates to its customer’s devices via its patch management services.  This will ensure Operating Systems stay current and continue to receive monthly security patches from Microsoft.  As these updates are significant its possible that end users may notice several changes with each new release.  Also, end users may notice that their PC takes several minutes to log on once a feature update has been installed.  The updated PC will post a notification to the user and it is critical that the PC be allowed to complete the update without interruption.With this new strategy Microsoft has also reduced the number of years it will support a version of Windows 10.  As each new version is released it has a support lifetime of only 12-18 months.  With the end of a particular Windows 10 version’s support Microsoft will no longer release new security patches or updates.  As such it is critical to keep all instances of Windows 10 current.

For more information on Microsoft Windows-as-a-Service see https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview

 

 

 

 

 

 

 

 

 

 

 

Tier1Net is proud to announce that we have expanded our team to include a dedicated Finance Associate. We recently hired Pat O’Donnell for this exciting new position. Pat has a degree in Economics from Merrimack College and experience with Accounting and Customer Relations.  In the coming months Pat will be working to streamline our purchasing, renewal and invoicing processes to better serve all of our wonderful clients.

Background

Tier1Net has been notified by its preferred Certificate Authority, Thawte, that all SSL certificates must be reissued and validated by its new parent company, Digicert.

Impact

Impacted SSL certificates are still secure and are not vulnerable to any exploits.  If the SSL certificate were not reissued it would simply post a certificate error when loaded within Google’s Chrome web browser.

Next Steps

In the coming weeks Tier1Net will be reissuing the appropriate SSL certificates on your behalf.  Prior to reissuing the SSL certificate a Tier1Net engineer will notify of you that a Digicert representative may contact you to validate the reissued SSL certificate.

For more information on this issue please click here.

Should you have any questions or concerns please open a ticket with Tier1Net by emailing help@tier1net.net and reference Master Ticket # 81113.

Thank You,
Tier1Net Support
781-935-8050
www.tier1net.com