T3 conference talk, Nov 2014
What to expect in a cyber-security examination and 5 simple things advisors can do now to be prepared
#2 most common crime perpetrated against advisors is cybercrime... PwC report 2014
Risk assessment of key infrastructure
• Unsecured wireless
• Network firewall disabled
• Anti-virus out of date
• Passwords weak
• Infrequent data backup or none
• Unsecured remote access
• Guest & private networks on same subnet
• Unencrypted drives
• OS updates not done
• Unsecured file-share
• Application blacklist
• Data Retention Policy
5 steps advisors can take to get prepared for their next cyber exam!
Step 1: Get an information security policy
Tip: While documenting your policy is important, an enforcement and management strategy is super-critical.
• Work with a reputable firm in Privacy Laws
• All 3rd party tech vendors should be audited
• Bonus: Look into cyber security insurance
Step 2: Practice simple device hygiene
Tip: Check settings on all devices weekly if NOT daily, NOT just before an audit!
• Inventory all software installed on all devices
• Set screen-lock (15 mins)
• Enable OS to auto-update
• Install/enable Anti-virus auto-update
• Enable device firewall
• Do NOT install peer-to-peer software
Step 3: Use Password Management Tools
Tip: Use a password manager with secure access to auto-generate and manage passwords. Examples: LastPass, KeePass, etc.
• Set device password to at least 8 characters
• Set password complexity to high (uppercase, #'s...)
• Change passwords on all devices every 60 days
• Don't use the same password
Step 4: Use encrypted communication sessions
Tip: Do not use free Wi-Fi networks for transacting business. Even if you have a MiFi hotspot, use a VPN service.
• Only connect to WPA2-enabled Wi-Fi networks
• Use SSL or IPSec VPN connections
• Always use secure remote desktop tools
Step 5: Utilize full disk encryption on all devices
Tip: Desktops are not required to be encrypted, but it is highly recommended. Mobile devices should definitely be encrypted.
• Use approved full disk encryption on all devices
• Disk/volume encryption is better than file-level
• Do NOT use TrueCrypt!
About Entreda
• Developed a cyber-security risk management platform for financial advisors and compliance partner organizations
• Venture-funded start-up. HQ in San Mateo, CA
• Founders are Berkeley grads with >14 years of experience each
• Team of 15 Cloud, Networking & Security Developers
• Team worked at Symantec, Oracle, Alcatel, Packeteer
If you have any questions, stop by the Entreda booth (#118)
Ask us about:
• FREE 60-min webinar on SEC/FINRA audit prep
• FREE 14-day (personalized) device audit
& register to win a bottle of award-winning Sonoma Valley wine