Analysis of fi360 Fiduciary Score®: “Red is STOP, Green is GO”
Cybersecurity - Fi360 Aikin, AIFA®, ... POWER OUTAGES. 56% UNEXPECTED ... • Monthly Blog Posts...
Cybersecurity: What advisors need to know about protecting data
August 23, 2016
Blaine Aikin, AIFA®, CFA, CFP®
Executive Chairman, fi360
and
Wes Stillman
Founder and President, Rightsize Solutions
Is cybersecurity a fiduciary duty?
• Laws and regulations have not settled this question definitively
• The answer lies in the duty of care, prudent person rule
A fiduciary is required to act with the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character with like aims.
• “Industry norms and practices inform and give context to the duty of care.” – Robert Sitkoff
• Norms and practices are increasingly being defined
• Investment fiduciaries should assure that a credible approach to manage cyber threats is in place
© 2016 fi360 Inc. All Rights Reserved.
Growing SEC interest
• Convened a “Cybersecurity Roundtable” in 2004 to identify and promote industry best practices
• Cybersecurity has been an examination priority since 2014
• A series of examinations have been undertaken to assess cybersecurity risks and preparedness in the securities industry
• Risk Alerts have been issued based upon these examinations with six focus areas highlighted
  • Governance and risk assessments
  • Access rights and controls
  • Data loss prevention
  • Vendor management
  • Training
  • Incident response
Six steps towards fiduciary readiness
1. Build awareness of cybersecurity issues and management principles
— National Institute of Security and Technology (NIST)
— U.S. Federal Financial Institutions Examination Council
2. Assess cyber risks; prioritize and scale attention accordingly
3. Establish due diligence criteria for vendor selection and monitoring
4. Document a management plan and decision-making processes
5. Stay current on regulatory and marketplace developments
6. Recognize the obligation to be reasonable, not infallible. Follow industry norms and do business with reputable firms.
WES STILLMAN INTRODUCTION
30 YEARS IN IT/CYBER SECURITY FIELD
WEALTH MANAGEMENT INDUSTRY FOCUS
FOUNDED RIGHTSIZE SOLUTIONS IN 2002
21ST CENTURY DATA BREACHES
Source: www.norsecorp.com
2015 HEADLINES
FINANCIAL SERVICES NOT IMMUNE
RIAs: EASY TARGETS
Bang for the buck
Fewer operational procedures
Weak passwords
Hard to detect intrusions
Unprotected devices
Browser vulnerability
Malicious email code
Small to mid-sized businesses
HACKERS: WHO, WHAT & WHY?
Data Theft
Criminal Organizations
Financial Gain
Personal Nemesis
Hacktivism
Professional Data Thieves
Using Your PC to attack others
State Espionage
THE WHITE HOUSE POLICY
…the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment…
–President Obama - Executive Order: 13636, 2/12/13
TOOLS OF THE TRADE
ANTI-VIRUS
CONTENT FILTERING
ANTI-SPAM
MALWARE PREVENTION
Foundational and necessary, BUT…..
HUMANS: THE WEAK LINK
90% of all malware requires human interaction to get started
Convenience over security
Social engineering: Most of the time phishing email, but can be very sophisticated
PHISHING
Social Engineering
Fake Web Sites and emails that look real
Trusted sites you use all the time
Email from those you know and trust
Usually a sense of urgency
Unusual request from a trusted source
Something just not quite right
Something may be misspelled
RANSOMWARE
Phishing emails enable ransomware
The most destructive attack ever
Uses encryption software, but malevolently
MUST control who has admin permissions
YOU ARE A TARGET
SECURITY POLICY, COMPLIANCE, AWARENESS
Are policies up to date?
Are new technologies, data, hires being accounted for?
What new regulatory items need attention?
Think before you click!
20TH CENTURY DATA BREACHES
Don’t tell anyone your password
No passwords on Post-its
Don’t reuse passwords
BYOD
Inventory control
Increased capabilities come with increased risks
Security configuration
Devices connecting to unmanaged networks
Organizational data on personal networks
WHAT IS BYOD? AND WHY IS IT IMPORTANT?
MULTI-FACTOR AUTHENTICATION
Figure labels: PASSWORD, PROOF, ACCESS
Best technology available
Necessary to prevent unauthorized use of credentials
Multi-Factor authentication is a Must and should protect ALL applications
Source: http://www.it.northwestern.edu/ecomm/2015-winter/students/multifactor.html
WHERE CAN YOUR FIRM IMPROVE
Culture of Awareness
• Awareness training
• Device management
• Admin permissions
Prevention & Detection Technology
• Set your software foundation
• Encryption
• MFA
Preparation & Contingency Planning
• Backup your data
• Create a disaster readiness plan
• Set standards for communication
THE SWEET SPOT
BACKUP & CONTINGENCY PLANNING
60% HUMAN ERROR
10% EARTHQUAKES
29% POWER OUTAGES
56% UNEXPECTED UPDATES & PATCHES
10% FIRE OR EXPLOSIONS
29% SERVER ROOM ISSUES
10 TIPS TO KEEP YOUR BUSINESS SAFER
• Survey Your Technology Infrastructure
• Enforce Password Best Practices
• Consider Multi-factor Authentication
• Set Up Awareness Training
• Run a Mock Disaster Recovery
• Use Encrypted Email
• Consider Advanced Password Vault
• Create a Cyber-security Policy
• Re-visit your BYOD Policy
• Separate Business & Personal
WE CAN HELP
• CYBERSECURITY: A military-grade shield for cybersecurity
• BACKUP & RECOVERY: Downtime reduction to maximize productivity
• PRIVATE CLOUD: A server-free and cost efficient platform
• COMPLIANCE: Compliance with the regulatory environment
• IT MANAGEMENT: A dedicated IT resource extension to your team
TECHNOLOGY ASSESSMENT
• Free to Webinar Attendees ($500 value)
• 45 Minute Consultation
• Complete Assessment of Technology Environment
SUBSCRIBE TO OUR NEWSLETTER
• Sign up at http://www.rightsize-solutions.com
• Monthly Blog Posts and Articles
• Cybersecurity News Commentary
Questions
Additional information on fiduciary trends can be found at
fi360 Fiduciary Talk Podcast
www.fi360.com/fiduciarytalk
Also available on iTunes
and
fi360 Blog
www.fi360.com/blog
Questions about the content of this webinar or CE can be directed to [email protected].