What happens when an OSJ doesn't safeguard the cloud? - The Tek > Blogs



What happens when an OSJ doesn't safeguard the cloud?

By: Charles Paikert - senior editor with Financial Planning, a SourceMedia publication

IBDs: Keep your head — or some IT supervision — in the cloud.

Independent broker-dealer Lincoln Financial Securities found out the hard way what happens when an OSJ’s cloud server vendor fails to protect customer information from hackers.

As part of a FINRA enforcement action, the Fort Wayne, Indiana-based firm agreed to a censure and a $650,000 fine for failing to reasonably "safeguard confidential customer data" and "supervise and retain consolidated reports."

According to FINRA, foreign hackers penetrated the OSJ's cloud-based servers and had access to customers’ nonpublic personal information. In a letter of acceptance, waiver and consent, FINRA faulted Lincoln for failing to monitor or test the third-party vendor’s information security.


FINRA also alleged that the IBD failed to adopt reasonable data security policies that included specific firewall policies and related testing, and cited violations of Rule 30 of Regulation S-P, which requires the protection of customer records and information.

In a statement, Lincoln "accepted and consented to the AWC, without admitting or denying the findings." The firm said it has implemented "corrective actions or enhancements" to address the security of confidential customer information and account statements.

"Firms must go the extra mile to protect customer information and not just rely on hiring a third party," warned financial consultant Cipperman Compliance Services, in one of its regulatory releases. "FINRA will hold broker-dealers strictly liable for data breaches, even those occurring at the vendor."

Legal cybersecurity expert Kenneth Rashbaum agrees.

"FINRA has sent a loud and clear message that broker dealers are ultimately responsible for data that they place with third parties," says Rashbaum, partner and head of privacy and cybersecurity practice at Barton in New York. "This is settled law but the agency by the amount of the fine apparently believes a reminder is necessary due to the growing amount of data placed with third parties such as cloud providers."


