Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity: Tried and True Tactics for Assessing and Managing Risks, Employee Training and Program Testing Brian Rubin, Partner, Sutherland Tee Meeks,

Published byOuti Heino Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity: Tried and True Tactics for Assessing and Managing Risks, Employee Training and Program Testing Brian Rubin, Partner, Sutherland Tee Meeks,"— Presentation transcript:

1 Cybersecurity: Tried and True Tactics for Assessing and Managing Risks, Employee Training and Program Testing Brian Rubin, Partner, Sutherland Tee Meeks, CCO/CAO, Waddell & Assocs., Inc. David Edwards, President, Heron Financial Group Wealth Advisors Craig Watanabe, Sr. Compliance Consultant, Advisor Solutions Group, Inc.

2 Waddell & Associates, Inc.
Employee owned RIA firm based in Memphis with a branch in Nashville $770M AUM 23 full time employees Compliance Department = ME + compliance consulting firm No dedicated Technology Department – outsourced to a local tech firm April 15, OCIE CYBERSECURITY INITIATIVE A sample cybersecurity document request letter was provided in the appendix of the alert. The letter I received was almost word-for-word the same as the sample request document in the alert The Exam Thorough! >29 questions - most with multiple sub-sections: requiring 78 separate responses and multiple document requests (P&P, Business Continuity Plan, written information security policy, etc..). >2 weeks to respond and provide the requested supporting documents. Don’t wait until the last minute to submit your response: Required to submit via secure portal - ZixCorp secure which had issues even their own tech support person couldn’t resolve quickly.

3 I am not a “techie”? How do I answer these questions?
Create a team! Meet the W&A team - Compliance officer (me) + Compliance consultant – Ascendant + IT consultant Suggestion: also get your CEO and/or other executives involved in this process. Not because they will be helpful, but they need to be aware of the magnitude of what is involved with the security of your systems and the compliance that is involved. Each question was reviewed, discussed and answered by the most qualified person on the “team” Some questions were more tech focused: Protection against DDoS attacks Process for removal, transfer & disposition of IT assets Others were more compliance focused: Does your Business Continuity plan address cybersecurity incidents? Do you provide guidance/risk training ? ! Within a couple of weeks of submission I received a call to schedule a follow up call to discuss my answers in more detail. I asked if the other members of my “team” could participate on the call. Suggestion: If you choose to include your IT expert, be sure to advise them on how to interact with the auditors. They should answer the questions directly and not provide more information than is required. IT people LOVE to talk about what they know! The follow up call was very interactive. Provided a lot of clarity for both us and the examiners.

4 Words of Wisdom In our third and final “wrap up” call, the examiners made a few suggestions: 1) They don’t expect CCO’s to be technology experts but they do expect them to be knowledgeable enough about their firm’s technology to understand and mitigate the risks. I mentioned our IT consultant was drafting a Standard Operating Procedure (SOP) manual for us. NOTE: As a result of a recent loss of data on one of our servers, we have learned FIRST HAND just HOW important this is. GET OUTSIDE, UNINTERESTED PARTY ADVICE if necessary! 2) Employee training and client education is extremely important Be sure to document your training 3) Consider purchasing a cybersecurity insurance policy

5 W&A Best Practices Created an IT risk team. Consists of one or more people from: Compliance Management (for budget purposes) IT (department or outside solution) Use “The letter” as an ONGOING Audit of our technology risks Our IT risk team meets periodically Questions in the audit letter are reviewed again and we discuss changes/updates. Make sure your IT expert(s) can answer EVERY question confidently. (Caution: you may not understand a word your tech person is saying. Hang in there. You will be surprised what you will eventually learn) Purchase Cyber Liability Insurance Get your IT person involved with this process too. They know what kind of coverage best fits your company’s needs. Get multiple quotes – they VARY! Some applications are VERY detailed. Share EVERYTHING tech related with our IT department/consultant Policies and procedures Cyber Liability policy Industry articles IT department/consultant drafting a SOP manual EDUCATE our employees AND our clients. We have frequent conversations about potential risks. Remember: you are responsible for understanding and mitigating the risks!

Download ppt "Cybersecurity: Tried and True Tactics for Assessing and Managing Risks, Employee Training and Program Testing Brian Rubin, Partner, Sutherland Tee Meeks,"

Similar presentations

How to Convert CPRs into AF Introductions The Hows and Whys.

How to Convert CPRs into AF Introductions The Hows and Whys.
Pamela Norris Project Manager Kraft Kennedy & Lesser, Inc.

Pamela Norris Project Manager Kraft Kennedy & Lesser, Inc.
Award Close-out Procedures-an overview Review award documents Complete Reconciliation Sheet Budget Reconciliation Expense Reconciliation Oracle Balances.

Award Close-out Procedures-an overview Review award documents Complete Reconciliation Sheet Budget Reconciliation Expense Reconciliation Oracle Balances.
ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1.

ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3,
Security and Personnel

Security and Personnel
Investment Adviser Compliance National Compliance Services, Inc.

Investment Adviser Compliance National Compliance Services, Inc.
Financial Planning. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.

Financial Planning. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
1 Walk-in slide. 2 How to Manage a System Upgrade The Good, The Bad and The Ugly of Conversions David Cervelli Managing Consultant April 25, 2006.

1 Walk-in slide. 2 How to Manage a System Upgrade The Good, The Bad and The Ugly of Conversions David Cervelli Managing Consultant April 25, 2006.
WHAT ARE MY AUDITORS DOING?. Your Presenter Dianne Batistoni, CPA –EisnerAmper Insurance Group Audit Partner – Bridgewater, NJ –908-218-5002, ext. 2239.

WHAT ARE MY AUDITORS DOING?. Your Presenter Dianne Batistoni, CPA –EisnerAmper Insurance Group Audit Partner – Bridgewater, NJ – , ext
TERRORISM / POLITICAL VIOLENCE SOLUTIONS FAIR International Insurance Conference on Political Violence 12-13 April 2010 – Karachi Daniel O’Connell

TERRORISM / POLITICAL VIOLENCE SOLUTIONS FAIR International Insurance Conference on "Political Violence" April 2010 – Karachi Daniel O’Connell
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Inspecting A Hedge Fund 2010 NASAA IA Training. Preparing for the Inspection  Getting over your fears  Treat as any other advisor  Preparation  Obtain.

Inspecting A Hedge Fund 2010 NASAA IA Training. Preparing for the Inspection  Getting over your fears  Treat as any other advisor  Preparation  Obtain.
1 6c: IA/PF - The Compliance Program and Modern Technology (Part 1 - Workshop) October 22, 2014 Mitch Kraskin - CEO, Compliance Science, Inc. Peter Mafteiu.

1 6c: IA/PF - The Compliance Program and Modern Technology (Part 1 - Workshop) October 22, 2014 Mitch Kraskin - CEO, Compliance Science, Inc. Peter Mafteiu.
Best Practices for Graduate Supervision December 10, 2014 Your Role in Graduate Studies.

Best Practices for Graduate Supervision December 10, 2014 Your Role in Graduate Studies.
PLANNING FOR SUCCESS: IMPLEMENTING INFINITYHR. Katie Cuthriell Implementation Services Manager IntroductionPlanningDesigningBuilding Testing & Training.

PLANNING FOR SUCCESS: IMPLEMENTING INFINITYHR. Katie Cuthriell Implementation Services Manager IntroductionPlanningDesigningBuilding Testing & Training.
Resume and Cover Letter Workshop You have 8 – 10 seconds to tell your “story”. So what are you going to say, and how? Career Services.

Resume and Cover Letter Workshop You have 8 – 10 seconds to tell your “story”. So what are you going to say, and how? Career Services.
Being Audited – Life on the Other Side of the Fence.

Being Audited – Life on the Other Side of the Fence.
CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -

CERTIFICATION In the Electronics Recycling Industry © 2007 IAER Web Site - -
Corporate Roundtable Discussion April 4, 2011. Ten Areas of Discussion Transfer Volume Policy Changes Made Recently Policy Changes Contemplated What Works.

Corporate Roundtable Discussion April 4, Ten Areas of Discussion Transfer Volume Policy Changes Made Recently Policy Changes Contemplated What Works.
What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

Similar presentations

Ads by Google