
Compliance Need to Know: “It Doesn’t Happen….Until It Happens,” Cyber Security, Part II

To catch up on our story, click here.

Tom only got through about half of the emails he wanted to. “Of course!” Tom kicked himself. Like every other day, lunch hour had arrived out of the blue. Instead of lunch, Tom decided to send the due diligence files to Susan. During the meeting with the Bakers, the discussion deviated to oil and gas investments. Though not popular now, there was a convincing argument to diversify, enough to email them a brochure and schedule a follow-up meeting next week. He really needed Susan’s opinion on this.

“Tom! One o’clock?” Danny irrupted.

“It’s one o’clock already?!” Tom thought. “Yeah, yeah come on in Danny.”

As Danny sat down, Tom pulled out of his briefcase a stack of files and set a thumb drive on top. “It is organized, but if you could upload this to the cloud, I’d appreciate it.”

“Wow, that’s a lot of paper,” Danny replied.

“Well, many of these firms still deal in paper,” Tom replied, remembering all the dusty files he had to go through as an intern.

“But what if they have a fire or a storm or something?”

“Well, they should have a secondary site for that,” Tom stated, knowing that this wasn't true in most cases. Hurricane Sandy destroyed one of his sub-adviser's offices, and it took months to get that information back and cost him several clients. It had been fifty years since the last major hurricane hit New York City. That’s why any third-party due diligence includes questions about business continuity from that day forward.

“Business Continuity, it won’t happen until it does happen,” Tom said, not needing that headache again. “Oh, I have some stuff to email to you too.”

“You are going to have to give me a day or two for the scans. Just email me the stuff right now, and I’ll put that up first in the CRM,” Danny said reassuringly. “Oh, we have the API connected with the broker-dealer now.”

“The AP-what??”

“The interface. We can now have seamless communication with the BD,” Daniel said with a smile.

“That will make life easier.” Now Tom needed to get ready for the meeting with Susan and the million questions that he wasn’t sure that he had the answer to.

The meeting with Susan went great. Midline concerns, no problem. County mineral right records, no issue. FINRA reporting, easy. It was looking like they had a new product to offer their clients. The Daltons had an interest in this type of investment, and so did several clients. The weird thing was that the Dalton family office emailed Tom again with that hyperlink. Tom thought that Mike figured out the issue, so he clicked on it, but again it went to the same bad website. Tom thought, “I really need to call him tomorrow.”

It was the end of the day and time to go home. As Tom was leaving, Rebecca was too. She was a friend, not just an employee, and leaving at the same time was common. With concern in her voice, she asked, “How did the Daltons get my personal email?”

Cyber-attacks can seem innocent at the time. If you are experiencing a slowdown in your network, this could be a denial of service attack. Pop-ups could mean the presence of malware. Or you may have a phishing attack that downloads a virus that compromises your system. It is a good policy to conduct regular training for your staff to spot the warning signs and react immediately.

Next, we will see how this phishing attack spread and the mistake that the staff made in their delayed reaction.

For more information about our services, contact us by calling us at 1-833-RIACCIO, emailing us at, or by clicking here to schedule a free consultation.
