Phishing

20% more Investment Firms Cyber Security Incidents Reported in 1st 4 months of 2017 than the whole of 2016

In response to an FOI request asking “The total number of cyber incidents (both attacks and those attributable to human error) suffered (to your knowledge) by the private equity firms that you regulate”, the FCA doesn’t hold data for Private Equity particularly but does for firms with Managing Investment permissions and the results are […]

IT Systems

The UK Government says STOP changing your passwords

“CESG now recommend organisations do not force regular password expiry. [They] believe this reduces the vulnerabilities associated with regularly expiring passwords … while doing little to increase the risk of long-term password exploitation” This is actually sane advice if, and only if, you follow all of it! There is more… In a blog post called The problems with […]

Security

Phishing in the Wall Street Pond

Why do thieves target banks? As Willie Sutton apocryphally said, “because that’s where the money is.” FireEye has released a report on the activities of a group called FIN4. They target C-suite individuals in Fortune 100 companies via email. And these are not the Nigerian 419 emails; they are well written and highly […]

Security

JPMorgan Admits Massive Data Breach

76 million households and 7 million small businesses had data compromised, which is pretty much all of their retail customers in the US. One person briefed said more than 90 of the bank’s servers were affected, effectively giving the hackers high-level administrative privileges in the systems. Faced with the rising threat of online crime, JPMorgan has […]

Data Breach

How Russian Hackers Stole the Nasdaq – Businessweek

What the investigators found inside Nasdaq shocked them, according to both law enforcement officials and private contractors hired by the company to aid in the investigation. Agents found the tracks of several different groups operating freely, some of which may have been in the exchange’s networks for years, including criminal hackers and Chinese cyberspies. Basic […]

Security

FCA Issues Guidance on IT Outsourcing

The Financial Conduct Authority (‘FCA’) has historically been rather Delphic about the status of Information Technology (‘IT’) with regard to the SYSC and COBS rules. The language in the rule books describes “systems” and “processes” but is not specific about the implementation of or the platform upon which they exist. For instance, Record Keeping (SYSC 9.1) […]

Security

FCA Rules for IT Pros within Fund Managers

A summary of the rules within the FCA handbooks that are most relevant to IT. Biggest takeaway is get the compliance dept onside and they are mandated to force through the budget! SYSC 6.4.1 is your friend in this regard. System Security SYSC 3.2.6 & SYSC 6.1.1 – A firm must take reasonable care to establish and […]

COBS 11.8

FCA Record Keeping – Are you sure you want to outsource that?

Is your firm compliant with the FCA regulations on Archiving? Let’s imagine you’ve outsourced your IT to your preferred IT outsourcing provider and they have stated that they will provide a 7 year archiving service… Is that any good to you? – Probably not without a thorough understanding of your responsibilities and understanding how your outsource […]