FINRA and SEC Warnings about Cyber-Threats

At the Financial Industry Regulatory Authority (FINRA) cybersecurity conference in New York, FINRA, the Securities and Exchange Commission (SEC), and the National Futures Association stated that brokerage firms continue to face cyber threats on numerous fronts, including but not limited to external phishing and ransomware attacks, resentful ex-staff, and poor security controls.

Salvator Montemarano, an inspector in the SEC's Office of Compliance Inspections and Examinations, told attendees that using single-factor authentication is a better system compared to multi-factor authentication, though an additional layer of security is needed, because a registered representative of the firm carelessly gave access to a “bad actor.” As a result, the hacker gained access to the firm's client portal and was seen as a trusted user because the representative’s credentials were being used. After a successful transfer of data from the client portal, a second attempt was interrupted by security systems.

According to Montemarano, it is pertinent to know the kind of data a brokerage firm is putting in the cloud environment and where the physical environment is situated. Also, it is important to know what the cloud service provider is and/or is not responsible for.

Expectations from Hackers

According to Gregory Markovich, firms should expect many fraudsters to be ex-employees who have adequate knowledge of the firm's operations, and a firm should consider reviewing its security procedures for any defects. He also stated that a fake version of a firm’s URL, which could look very similar to the firm's own, could be created to commit fraud.

Experts' Recommendations on Brokerage Security

According to the regulator’s surveillance director, David Kelley, reports must be made to all departmental heads and coordinators whenever there is a breach in security, so that FINRA is immediately alerted.

Montemarano stated in light of the above that over 60% of workers take firm data with them when leaving; hence, firms must monitor the access of an employee whose employment has been terminated or who has submitted a resignation letter and is leaving.

Dale Spoljaric concluded by advising firms to ensure that strict and good policies are in place when it comes to passcodes, and that these policies are adhered to and enforced accordingly.