If you have been watching or listening to the news, you may be aware of a ransomware attack known as WannaCry, WCry, or Wanna Decryptor that has affected many businesses in over one hundred countries. The ransomware locks files on the infected computer system and encrypts them so they cannot be accessed until you pay the ransom.
How do you protect against the WannaCry ransomware? All Microsoft Windows users should verify that their operating systems have been updated and all current security patches have been installed. Also, Broker-Dealers and Investment Management Firms can review the alert published by the United States Department of Homeland Security’s Computer and Emergency Readiness Team – — U.S. Cert Alert TA17-132.
The Office of Compliance Inspections and Examinations (OCIE) has identified multiple security practices, procedures and controls that all firms can use to guard against ransomware. The following are some of the security practices, procedures, and controls they identified:
Cyber-risk Assessment: Firms should periodically conduct risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
Penetration Tests: Firms should periodically conduct penetration tests and vulnerability scans on systems that the firms consider to be most critical.
System Maintenance: Firms should verify regular system maintenance is being completed and ensure that critical software patches that address security vulnerabilities are being installed.
As part of an effective cybersecurity program, the above are a few key security practices that each firm needs to verify they are conducting and are including in their cyber security policies and procedures. Please contact Red Oak Compliance Solutions if you would like help in drafting cybersecurity policies and procedures.
About Red Oak Compliance Solutions
Red Oak Compliance Solutions is a leading provider of intelligent compliance software, offering a range of AI-powered solutions designed to help firms of all sizes successfully navigate the increasingly complex regulatory landscape. Our suite of 17(a)-4/WORM compliant features offer risk minimization, cost reduction, and process optimization capabilities with features that are designed to evolve with our client’s needs. Our flagship advertising review software enables firms to deliver compliant content to the market with confidence, faster. Our Disclosure Management and Intelligence solution simplifies the management of disclosures, while our Registration Management solution automates and streamlines the licensing and registration process, further enhancing your internal processes.