The Safeguards Rule A recent SEC ruling could inform future cybersecurity cases relating to how financial investment firms must secure their users’ personal accounts. In enforcement actions taken against eight different firms, the SEC announced on August 30, 2021, that each firm had violated the ‘Safeguards Rule’ for failing to protect against account takeover. Rule 30(a) of Regulation S-P, commonly known as the …
What’s Missing from New FINRA Guidance
In a recent release, the Financial Industry Regulatory Authority (FINRA) provided insight into the increasing frequency of occurrences of Account Takeover (ATO) within the financial industry. The report also produced guidance for organizations looking to tighten their cybersecurity, but no direction was provided regarding the growing issue of password hygiene. ATO: What’s really happening? When hackers gain unauthorized access to …
Firm Cybersecurity: Professional Services Firms are Vulnerable Targets
What Can Professional Services Firms Do to Protect Themselves from Cybersecurity Threats? Cybercriminals are frequently targeting mid-sized, service-based businesses such as law firms, accounting firms, and financial services firms at unprecedented rates. While the news is full of stories of high-profile data breaches affecting the likes of Facebook, Google, Marriott, MyFitnessPal, and other prominent companies; this focus on large companies …
Protecting Employee Passwords in the Financial Services Industry
One of the most common threat vectors plaguing financial services institutions is the employee password. How can financial services institutions can better protect employee passwords? Banks, credit unions, investment companies, and other financial services organizations are facing an ever-growing threat from cybercriminals. In 2019, we have seen many high-profile data breaches hit financial organizations, resulting in financial repercussions and damaged …
5 Industries at Risk for Credential Stuffing and ATO
All industries are targets for cyber-attacks, but some are more targeted due to the value of the accounts. Five industries in particular are more at-risk for credential stuffing and account takeover (ATO) attacks. Here is why. With articles coming out daily on new data breaches and leaks, perhaps you heard about the account takeover attacks at Basecamp, Dunkin Donuts, or …