Behavioral psychology training reduces cybersecurity risks

Cybersecurity is now battling a human problem just as much, if not more, than a technical one.

According to Verizon’s 2021 Data Breach Investigations Report, 85% of successful cyberattacks now involve a human element. Combine that with the fact that even the very best technology can only thwart about 93% of attacks, and that leaves a large hole in an organization’s basic security hygiene. This gap forces employees to make split decisions that can affect security, and failure to choose correctly puts disaster just a click away.

Read More
Advisor Armor
New RIA? Time to prep for an SEC audit!

If you haven’t planned for an SEC audit, you should.

Why? Because you are likely to face one. Advances in technology and the adoption of a data-centric approach have made it fast and easy for the SEC to comprehensively audit even the smallest firm, regardless of its location.

Read More
Advisor Armor
Compromised Email Account Leads to Data Breach at Private Client Services, LLC

Recently, Private Client Services, LLC (“PCS”) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information through a compromised employee email account. According to the PCS, the breach resulted in the names, Social Security numbers, driver’s license numbers and state identification numbers being compromised. On May 27, 2022, PCS filed official notice of the breach and sent out data breach letters to all affected parties. In total, the company sent out 22,554 letters.

Read More
Advisor Armor
SEC Cyber Regulation Efforts: A Mid-Year Review

2022 is not even halfway over, and the Securities and Exchange Commission (SEC) has already made it a banner year for the SEC’s efforts to shape cybersecurity policy. This alert highlights this year’s cyber developments to date and the SEC’s likely future regulatory efforts in this space.

Read More
Advisor Armor
SEC Showers Down Proposed Cybersecurity Rules: 5 Steps for Staying Dry

It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations; Time Will Tell What Will Bloom.” The next torrent arrived on March 9 and threatens to soak public companies. See “Four Takeaways From the SEC’s Proposed Cyber Rule for Public Companies.”

While the proposals differ in many respects, the forecast is clear:

Read More
Advisor Armor
4 Ways SEC’s New Proposed Rules Put Cybersecurity Front and Center for Advisors

In its most focused and significant response to cyber threats in nearly 20 years, the Securities and Exchange Commission released on Feb. 9 proposed new rules regarding cybersecurity risk management, risk disclosures and reporting. My partner Trina Glass spoke to me about the impact that Rule 206(4)-9 under the Investment Advisers Act of 1940 and Rule 38-2 under the Investment Company Act of 1940 could have on the advisory industry.

Read More
Advisor Armor
US SEC Cyber Risk Management Proposed Rules: Analysis for Investment Advisers, Investment Companies, BDCs and Broader Implications for Private Sector

On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of 1940 (Investment Company Act) seeks to set out specific requirements for cybersecurity risk management for registered investment advisers (RIAs), registered investment companies (“RICs,” including mutual funds, exchange-traded funds (ETFs), unit investment trusts (UITs), and closed-end funds) and business development companies (BDCs)1 and related amendments to certain rules and forms that govern RIA and fund disclosures.

Read More
Advisor Armor