t3 conference talk nov 2014

Upload: sid-yenamandra

Post on 31-Jul-2015

TRANSCRIPT

Page 1: T3 conference talk nov 2014

What to expect in a cyber-security examination and 5 simple things advisors can do now to be prepared

Page 2: T3 conference talk nov 2014

#2 most common crime perpetrated against advisors is cybercrime... PWC report 2014

Page 3: T3 conference talk nov 2014

Page 4: T3 conference talk nov 2014

Risk assessment of key infrastructure

• Unsecured wireless
• Network firewall disabled
• Anti-virus out of date
• Passwords weak
• Infrequent data backup or none
• Unsecured remote access
• Guest & private networks on same subnet
• Unencrypted drives
• OS updates not done
• Unsecured file-share
• Application blacklist
• Data Retention Policy

Page 5: T3 conference talk nov 2014

5 steps advisors can take to get prepared for their next cyber exam!

Page 6: T3 conference talk nov 2014

Step 1: Get an information security policy

Tip: While documenting your policy is important, an enforcement and management strategy is super-critical.

• Work with a reputed firm in Privacy Laws
• All 3rd party tech vendors should be audited
• Bonus: Look into cyber security insurance

Page 7: T3 conference talk nov 2014

Step 2: Practice simple device hygiene

Tip: Check settings on all devices weekly, if not daily, NOT just before an audit!

• Inventory all software installed on all devices
• Set screen-lock (15 mins)
• Enable OS to auto-update
• Install/enable anti-virus auto-update
• Enable device firewall
• Do NOT install peer-to-peer software

Page 8: T3 conference talk nov 2014

Step 3: Use Password Management Tools

Tip: Use a password manager with secure access to auto-generate and manage passwords. Examples: LastPass, KeePass, etc.

• Set device password to at least 8 characters
• Set password complexity to high (uppercase, #'s...)
• Change passwords on all devices every 60 days
• Don't use the same password

Page 9: T3 conference talk nov 2014

Step 4: Use encrypted communication sessions

Tip: Do not use free Wi-Fi networks for transacting business. Even if you have a MiFi hotspot, use a VPN service.

• Only connect to WPA2-enabled WiFi networks
• Use SSL or IPSec VPN connections
• Always use secure remote desktop tools

Page 10: T3 conference talk nov 2014

Step 5: Utilize full disk encryption on all devices

Tip: Desktops are not required to be encrypted, but it is highly recommended. Mobile devices should definitely be encrypted.

• Use approved full disk encryption on all devices
• Disk/volume encryption is better than file-level
• Do NOT use TrueCrypt!

Page 11: T3 conference talk nov 2014

About Entreda

• Developed a cyber-security risk management platform for financial advisors and compliance partner organizations

• Venture-funded start-up. HQ in San Mateo, CA

• Founders are Berkeley grads with >14 years of experience each

• Team of 15 Cloud, Networking & Security Developers

• Team worked at Symantec, Oracle, Alcatel, Packeteer

Page 12: T3 conference talk nov 2014

If you have any questions, stop by the Entreda booth (#118)

Ask us about:

• FREE 60-min webinar on SEC/FINRA audit prep
• FREE 14-day (personalized) device audit

& Register to win a bottle of Award-winning Sonoma Valley Wine