
COMMENT LETTERS - REGULATORY COMPLIANCE INFORMATION

Cyber Security For Small Firms (12/23/19)

CYBER SECURITY FOR SMALL FIRMS SERIES - VOL. 3

This is the third email in my Cyber Security For Small Firms Series and for this one I went to Paul Horn again, the Founder and CEO of H2Cyber, for suggested tips.

CHANGE DEFAULT PASSWORDS

Every piece of hardware or software you utilize in your business likely came with a default password to make it easier for you to set up and configure the hardware or software.

The risk associated with the industry providing default passwords is that the default password you have is the same default password for everyone else using an identical piece of hardware or software.

To compound the issue, default passwords are contained within setup guides and other documentation littered across the Internet for everyone to see.

Cyber criminals often take advantage of the fact that most businesses do not change these default passwords, which then allows these criminals to penetrate directly into your business without you even knowing it.

The best time to change default passwords is when you are done installing and configuring your hardware or software.

However, if that moment has passed and you are now unsure whether you have any default passwords within your ecosystems, most commercially available vulnerability scanners have this functionality.

It is recommended you consult with a security professional in order for them to perform the scan of your hardware/software. Should you decide to do this on your own though (not recommended), please ensure you choose the scan that is non-intrusive, which means it will not try to exploit any vulnerabilities discovered during scanning.

HOLIDAY TIP

If you are contemplating purchasing a new computer this holiday season and thinking about

• donating your old computer to charity

• giving it to a friend or relative, or

• simply disposing of it

PLEASE ensure the sensitive data contained on it is properly sanitized to both comply with regulations and reduce the risk to your business. The fact is cyber criminals can gain access to sensitive information that was left on your device if it is not properly sanitized.

The National Association of Information Destruction (NAID) has an online directory search function to help you find someone in your area who can assist you/your firm with sanitizing your computer/laptop/tablet/phone.

This resource can be found at https://directory.isigmaonline.org

Search for: NAID AAA Certified Members.

If you are looking to donate or gift your computer, choose the Computer Hard Drives (Overwriting) or Solid State Drives (Overwriting) options under Data Destruction Services.

Clarifying Point: What is a Solid State Drive? For decades, data was stored primarily on mechanical hard drives. A solid state drive (SSD) is a new generation of storage device used in computers. SSDs replace traditional mechanical hard disks by using flash-based memory, which is significantly faster than the older hard disk drives we all ran on before (and perhaps still run on now).

If you are looking to dispose of your computer, choose the Computer Hard Drive (Physical) or Hard Drive Degaussing options under Data Destruction Services.

Clarifying Point: What does Degaussing mean? Degaussing is the process of totally erasing data by reducing or eliminating the magnetic field that holds the information stored on tape and disk media (like a hard disk drive).

If you cannot find a resource in your area to perform these sanitizing functions, there are some commercially available software platforms that can help you. We recommend that you consult with an IT security professional prior to purchasing one of these software platform services, to ensure it will meet your needs.

IN CLOSING

Please look for another installment in the Cyber Security For Small Firms Series soon. In the meantime, please be sure to pass this information along to the right person in your firm. Cyber security is an ever-important area of broker-dealer risk management for firms of all sizes.

Thanks, again, to Paul Horn of H2Cyber for helping with today's content. Paul is a cyber security and risk management specialist and consultant. His contact information is paul.horn@h2cyber.com and (469) 715-5255.

I hope this information was helpful! Please let me know if you have any questions or suggestions for future newsletters.

Happy Hanukkah!

Merry Christmas!

Happy Holidays!

Warm regards this holiday season,

Paige

Paige W. Pierce

The Pierce Group, LLC

(Consulting - Management, Regulatory, Cyber Security)
