Financial services organizations trust Cyberstone to help them address cybersecurity risk and adhere to compliance needs.
Investors and Financial Advisors
According to Compliance Programs of Investment Companies and Investment Advisers, the SEC “expects that an adviser’s policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser:
- Safeguarding of client assets from conversion or inappropriate use by advisory personnel;
- The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
- Safeguards for the privacy protection of client records and information; and
- Business continuity plans.
Additionally, new rule 38a-1 (for funds) and amendments to rule 204-2 (for advisers) require firms to maintain copies of all policies and procedures that are in effect or were in effect at any time during the last five years.
In late 2017, the SEC issued a report on the state of cybersecurity for a subset of SEC-regulated organizations, and released this findings document which firmly suggests that investment advisors do what Cyberstone offers, namely security and gap analyses, penetration testing, and written cybersecurity policies.
Banks and Credit Unions
Cyberstone’s cybersecurity team has a rich history helping banks and credit unions. One of the primary drivers for cybersecurity services in these institutions is the Payment Card Industry’s Data Security Standard (aka PCI-DSS). According to the PCI-DSS v3.2 Quick Reference Guide, “occasionally lax security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems.”
We realize that PCI DSS compliance is a continuous process involving assessment, adjustment, and reporting on an ongoing basis. Cyberstone can help banks and credit unions with any of the 12 PCI requirements.
Goals PCI DSS Requirements
Build & maintain secure networks and systems
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect cardholder data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a vulnerability management program
5. Protect all systems against malware and regularly update antivirus software or programs
6. Develop and maintain secure systems and applications
Implement strong access control measures
7. Restrict access to cardholder data by business need to know
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
Regularly monitor and test networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an information security policy
12. Maintain a policy that addresses information security for all personnel
From building a secure environment at the outset to performing regular penetration testing and vulnerability assessments, to tweaking written cybersecurity policies, Cyberstone has you covered.