By Allan Lonz, President, AdvisorVault
I started seriously thinking about cybersecurity for our customers about 2 years ago (since we're already a FINRA 17a-4 D3P archiving provider, it made sense to tackle this too), and of course the big document is the FINRA Cybersecurity Checklist. So, naturally, I immediately downloaded this checklist from the FINRA site and read it in an attempt to solve this problem for my customers. I suppose it was my naivety, but I thought FINRA would lay out clear steps: here is the first step you need to take to be secure, then step two, step three... and voila! You're cybersecure.
But unfortunately, FINRA has failed to come up with a clear, useful checklist of items explaining what they mean by "cybersecure." Actually, by the time I finished reading their checklist, I was even more confused, and I am sure I am not alone. So I decided to come up with my own cybersecurity checklist and be done with it. Here it is.
AdvisorVault FINRA Cybersecurity Checklist
FINRA Cybersecurity Check One
Sign your company up for AdvisorVault's Security Awareness Training Service: The first box to check is to sign up for AdvisorVault's security awareness training, which continually tests and educates all your employees about phishing, the number one way attackers get in. I am not going to go into all the details of phishing or spew out a bunch of stats on how nasty it is to make myself sound smart, but here is what our security awareness training will do for your firm:
BASELINE TESTING: The first step is baseline testing to measure the Phish-prone percentage of your users, meaning the share who fall for a simulated phishing attack, before any training happens. All results are logged and presented after the campaign.
EDUCATION: Your users are then trained on how to spot phishing attempts in emails, using the world's largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters.
ONGOING TESTING: Phishing campaigns are sent to users at random intervals to keep them on their toes and ensure they stay alert to phishing attempts. You will see your users' click rate drop as they start to question emails that just 'don't look right'; this is critical to maintaining cybersecurity for FINRA member firms.
AUTOMATED TRAINING CAMPAIGNS: Employees are automatically trained on how to detect and respond to threats, with scheduled reminder emails. Training takes 2-10 minutes to complete on average.
PASS FINRA AUDITS FASTER: Produce the campaign results and training records during audits to get the regulator out the door faster, meet the FINRA Cybersecurity Checklist and increase customer confidence in your firm.
FINRA Cybersecurity Check Two
Get on the AdvisorVault Compliant WorkSpace: The second step is to get your firm onto the cloud, fully secured and fully protected, with the AdvisorVault Compliant WorkSpace. The Compliant WorkSpace is Microsoft 365 configured specifically for FINRA firms that need to meet the stringent demands of rule 17a-4. It includes these features:
HOSTING FOR ALL MICROSOFT CLOUD APPS: The Compliant WorkSpace is the only 17a-4 compliant hosting for Exchange, SharePoint, OneDrive and Teams offered through AdvisorVault, and all of it is automatically backed up and archived according to FINRA rule 17a-4.
ARCHIVING FOR THIRD-PARTY SYSTEMS: Archiving connectors for all major third-party apps, including LinkedIn company pages, Twitter, Facebook, Instant Bloomberg, Bloomberg Message, Salesforce, Slack and Zoom meetings.
EDISCOVERY AND AUDITING: eDiscovery and auditing monitor emails and data across SharePoint and OneDrive sites to identify non-compliant documents and send notifications to compliance officers for ongoing audit and review.
THREAT PROTECTION AND ENCRYPTION: Out of the box, Microsoft 365 is not configured to meet rule 17a-4 or the FINRA cybersecurity checklist; with the Compliant WorkSpace, FINRA firms get email threat protection with built-in encryption.
FINRA Cybersecurity Check Three
Ongoing Monitoring: The final step is to make sure you're monitoring what's going on. I don't mean to talk down, but this is exactly where most FINRA firms drop the ball on their FINRA Cybersecurity Checklist. Firms put the best security monitoring in place and then let it slip over time (no one is watching it), so they end up with huge gaps and leave the door open to attackers without knowing it. Setting up training, getting on the cloud, securing it and protecting it is an ongoing project when it comes to compliance. What I mean in practice is, for example: make sure the email alerts and reports from the security portals go to the compliance officer, and that the compliance officer has their own login to those portals, so they can closely monitor the steps above. If the compliance officer leaves the firm, re-point the alerts and reports to the new compliance officer, give them their own login, and revoke the departed officer's access. They are going to want this when they have the FINRA regulator breathing down their neck at the next audit and are ticking off their FINRA Cybersecurity Checklist.
And Bob's your uncle: the AdvisorVault FINRA Cybersecurity Checklist in three simple steps. Follow it and your firm will have all the boxes checked next time FINRA shows up for an audit, and best of all, you'll have them out the door quicker.
To learn how your firm can achieve FINRA cybersecurity with AdvisorVault, contact us today.