Cyber Security For Small Firms (12/17/19)

CYBER SECURITY -- YOU CAN'T HIDE FROM IT ANYMORE!

CYBER SECURITY FOR SMALL FIRMS SERIES - VOL. 2

This is the second email in my Cyber Security For Small Firms Series, and for this one I went to Paul Horn, the Founder and CEO of H2Cyber, for suggested tips.

USE SUPPORTED SOFTWARE

Microsoft is the most common operating system/platform used by businesses across the world, so let's focus on these systems in this section.

Unless you work in the IT industry, you may not know that a significant number of companies around the globe continue to depend on Operating Systems that are unsupported by Microsoft. Is your company one of these?!

Clarifying Point: What does it mean when we say your systems are "unsupported by Microsoft"? Simply, it means that Microsoft no longer provides security patches to fix vulnerabilities that are still being discovered, thus allowing cyber criminals to have unfettered access into your business systems via these system vulnerabilities.

Clearly, this is a significant risk to your business and clients.

As we move into 2020, you need to be aware of one important date: January 14, 2020. This is the date Microsoft will stop supporting its Windows 7 and Server 2008 operating systems.

While we are on this topic, if you are still using Windows XP (end of life in 2014), Server 2003 (end of life in 2015), or SQL Server 2005 (end of life in 2016), it is highly recommended you develop a plan to transition to a platform that is currently supported by Microsoft.

If you need to transition to a new Operating System from Windows XP or 7, strongly consider purchasing the Professional version rather than the Home version. The Professional version has more security functionality to help you address security requirements for your business.

BACKUP YOUR DATA

I am sure everyone has seen at least one news story of a business being completely shut down due to a ransomware attack. (If you haven't, be sure to talk to Paige about the nightmare scenario her company experienced - YES, these attacks happen to small firms, too!)

The latest victim of ransomware was the City of New Orleans, which had to declare a State of Emergency and shut down the city’s network.

Having a backup of your data is your only protection against ransomware. Your backup provides your firm with the ability to safely recover.

If you do not have a backup, you will likely be

• starting your business from Day One,

• shutting your doors permanently, or

• contemplating paying the ransom.

Paying the ransom carries a significant amount of collateral risk: the criminals then know you are dependent on paying the ransom to retrieve your data, will likely come back for more, and may also pass this information along to other cyber criminals.

Ensure you have a full backup of your important data and store it Off-Line and Off-Site. This way, if someone does get into your environment, they cannot access your firm's backup and damage it. If they can get to your backup, your ability to safely recover is greatly diminished, and recovery is highly unlikely.

Another important note: if you have encrypted your data, make sure you have a backup of your decryption keys (stored separately from the backup), as this will be the only way to recover in the event of an incident.

IN CLOSING

Please look for another installment in the Cyber Security For Small Firms Series next week. In the meantime, please be sure to pass this information along to the right person in your firm. Cyber security is an area of broker-dealer risk management that we cannot -- and must not -- ignore in 2020.

Thanks, again, to Paul Horn of H2Cyber for helping with today's content. Paul is a cyber security specialist and consultant. His contact information is paul.horn@h2cyber.com and (469) 715-5255 -- in case you would like to speak with him or hire him to perform a cyber security analysis of your firm.

I hope this information was helpful! Please let me know if you have any questions or suggestions for future newsletters.

All the best,

Paige

Paige W. Pierce

The Pierce Group, LLC

(Consulting - Management, Regulatory, Cyber Security)
