Financial services organizations trust Cyberstone to help them address cybersecurity risk and adhere to compliance needs.
Investors and Financial Advisors
According to Compliance Programs of Investment Companies and Investment Advisers, the SEC “expects that an adviser’s policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser:
- Safeguarding of client assets from conversion or inappropriate use by advisory personnel;
- The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;
- Safeguards for the privacy protection of client records and information; and
- Business continuity plans.”
Additionally, new rule 38a-1 (for funds) and amendments to rule 204-2 (for advisers) require firms to maintain copies of all policies and procedures that are in effect or were in effect at any time during the last five years.
In late 2017, the SEC issued a report on the state of cybersecurity for a subset of SEC-regulated organizations and released a findings document, which firmly suggests that investment advisors do what Cyberstone offers, namely security and gap analyses, penetration testing, and written cybersecurity policies.
Banks and Credit Unions
Cyberstone’s cybersecurity team has a rich history of helping banks and credit unions. One of the primary drivers for cybersecurity services in these institutions is the Payment Card Industry’s Data Security Standard (aka PCI-DSS). According to the PCI-DSS v3.2 Quick Reference Guide, “occasionally lax security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems.”
We realize that PCI DSS compliance is a continuous process involving assessment, adjustment, and reporting on an ongoing basis. Cyberstone can help banks and credit unions with any of the 12 PCI requirements.