FCI

FINRA’s Guidance and Insights Concerning Cybersecurity

Earlier this year, the Financial Industry Regulatory Authority (“FINRA”) published its 2023 Report on FINRA’s Examination and Risk Monitoring Program (the “Report”). The Report emphasized that FINRA believes “cybersecurity remains one of the principal operational…

Cybersecurity Expert & FCI CEO, Brian Edelman Presents at T3 Conference

The T3 Conference being held March 13-16, 2023, in Tampa, FL brings together technology vendors, industry leaders, financial advisors and financial services executives from banks, custodians, independent broker/dealers, insurance companies and large RIA networks.  …

SEC Rule Nearing Implementation

Although the last few updates have concerned the New York Department of Financial Services (“DFS”) and its proposed amendments to its Cybersecurity Regulation, 23 NYCRR Part 500, it is important to remember that the Securities…

FCI Participates in Ebix Envision 2023

FCI joined the Ebix Envision 2023 User Group & Expo held February 21–23, which brought together Ebix users and solution partners to exchange ideas and explore Ebix’s exciting vision for shaping the industry.   FCI…

2023 and DFS Proposed Amendments

As discussed prior, in late 2022 the New York Department of Financial Services (“DFS”) published proposed amendments to its Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Amendments”). If the Proposed Amendments are adopted, they would…

PLANSPONSOR Article Cites Cybersecurity Expert & FCI CEO, Brian Edelman

“Why Cybersecurity for Retirement Plans is More Important Than Ever” by Alex Ortolani   Following Brian Edelman’s CNBC FA Summit “Securing Your Savings” appearance, PLANSPONSOR shared important cybersecurity recommendations to help firms ensure that plan…

Removable Storage Device Encryption

To prevent the loss of private data, it is recommended to either block external drives from use or enforce their encryption.   If, for example, you back up private data to an un-encrypted drive (such…

The Importance of Device Decommissioning

Your firm’s Cyber Program or Written Information Security Policy (WISP) should include a procedure for decommissioning devices when they will no longer be used.   Regulators are requesting that firms formally offboard, track and retain…

What do hackers see about your firm?

FCI offers a Corporate Internet Attack Surface Assessment (CIASA) that provides complete visibility of your business’s attack surface, from internal networks to the farthest reaches of the internet, where attackers lurk.   Discover, classify, and…

FCI Sponsored Cybersecurity Panel Discussion

FCI sponsored a cybersecurity panel discussion at the Security, Privacy, Risk & Compliance Retreat, Amelia Island, FL hosted by Sub-Four Capital.   The security retreat brought together top C-level executives from Large Enterprises, Mid-Market, SMBs,…

Big Cyber Risk: Unmanaged Devices

One of the biggest risks in cybersecurity is the allowance of unmanaged devices to access enterprise private data.   When unmanaged, a firm does not have the ability to ensure cybersecurity safeguards and compliance of…

Cybersecurity Insurance Developments

The cybersecurity insurance market continues to evolve and there are some important developments for your consideration.  In short, although cybersecurity insurance is an important component in your cybersecurity plan (e.g., mitigating costs), it is critical…

Zero Trust 4/4: Networks

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers networks. Implementation of security policies is supported by a commercial-grade firewall, which prevents unauthorized entry as…

FCI article about OCSF in T3 / Technology Tools for Today

T3 published a new article about Coalition Of Cybersecurity Leaders Launch Open Cybersecurity Schema Framework (OCSF) written by FCI.   Link to the article: https://t3technologyhub.com/coalition-of-cybersecurity-leaders-launch-open-cybersecurity-schema-framework-ocsf/  

Zero Trust 3/4: Software

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers software.   Zero Trust software is achieved by hardening configurations and implementing security gateways between users…

Zero Trust 2/4: Endpoints

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers endpoints.   Any device used to access, store or control private data requires enforcement of cybersecurity…

Zero Trust 1/4: Users

A Zero Trust approach considers users, endpoints, software, and networks as potential threats until proven otherwise. This post covers users.   Do you know who your users are? Can you evidence it? Identity Management is…

SEC Proposes New Cybersecurity Rules

As you may remember, earlier this year the Securities and Exchange Commission (SEC) voted to propose cybersecurity rules and amendments related to disclosures, risk management and security incidents for registered investment advisers and registered investment…