Protecting business-critical data from Ransomware

Last Friday’s global WannaCry Ransomware attack is a reminder of just how vulnerable businesses can really be to this form of cyberattack, and of the challenges businesses face in constantly having to execute security best practices. A comprehensive cybersecurity plan should not just be for employees, but rather firm wide. “…because at the end of the day what is important is your data. Your monitor, CPU, or memory can be replaced, but the data on your disk storage is irreplaceable and business critical.” - Pravin Khanolkar, CEO of DbCom

How can you lose your data?

There are several ways for any industry to suddenly lose its sensitive and critical data: environmental disasters, disk crashes and corruption, or simply “human error”. But cyberattacks in any form, whether ransomware, malware, or viruses, have the ability to create havoc and completely paralyze entire businesses. The key to avoiding such chaotic responses is to be proactive.

Just how dangerous is data loss to your business?

  1. Loss of business-critical data. For some businesses, recovery may be impossible.
  2. Loss of money, as some businesses are forced to pay off these cybercriminals as well as pay for the remedial work required to recover from these attacks.
  3. Loss of time. As the saying goes, “time is money”: downtime, or worse, shutting down your business, can be detrimental, if not devastating.
  4. Loss of reputation. Your business name is on the line here: whether your business is related to the government, medical or financial industries, clients place a high level of trust in your deliveries.

Challenges to protecting critical-data

Experts agree that the best method to defend against data loss from ANY type of failure is to place the data in a format that cannot be rewritten, in other words, in WORM (write-once-read-many) format. Although this is the best practical solution for protecting your data, it has its own challenges.

  1. The amount of data being stored may require changes in media.
  2. The daily manual process of tracking timings and media.
  3. Data at rest must be secured with an appropriate level of encryption.
  4. The high cost of cumbersome manual operational processes.

What is the solution?

Planning ahead is the BEST solution. Begin by migrating data to WORM format, and automate the entire process. A D3P (Designated Third Party) vendor, such as DbCom-EQube with its EWORM data storage retention solution, not only addresses FINRA and SEC requirements but can also protect client-critical data from sudden loss. Their EWORM, which features double encryption and indexing of data, helps to relieve businesses of the high burden of constantly preparing for these unplanned, sporadic attacks and of questioning whether the security measures currently in place are enough protection.

Savvy regulators require savvy solutions

I find it very interesting that in a world where technology changes faster than some people change their minds, there are firms still utilizing old methodologies.

These firms review trade reports utilizing printouts, spreadsheets or in-house built systems that are time-consuming and leave firms open to human error and scrutiny. How many times have reports reviewed utilizing these processes been misfiled, discarded or simply not reviewed? When they are correctly printed and reviewed, these firms then have the obligation to store these reports and the arduous task of retrieving them when they have an exam or regulatory request.

Regulators are becoming more savvy in both document capture and analysis, utilizing gateways and being provided access to databases and third-party systems, which makes these reviews quicker and more efficient for all parties.

This creates the need for a competent report capture and review system.

Think of how much time, money and effort could be saved if you could log into a web-based system from either your office or home, where you are able to review all your reports, add commentary, attach material support data, flag for further review, forward to other parties based on workflow and have it all time-stamped with the user credentials for future reference. Not to mention the ability to have it all stored securely in a WORM-compliant format.

No longer will you need to be concerned about the following:

  1. Does the printer have enough paper, will it jam or have some other production issue?
  2. When the person who built the in-house system leaves, who will troubleshoot issues and support it?
  3. After initial reviews, were the reports presented to the necessary parties for completion or additional commentary on a timely basis and recorded accordingly?
  4. Storing files for the prescribed retention time both on and off-site, managing proper disposal of those files that no longer need to be retained, and the cost associated with this process.

Stop utilizing outdated processes. Update your systems and be protected.

Original article on LinkedIn: Compliance Related Documentation Storage Review: Commentary

Anthony Falce

Sales, Marketing, Account Management for FinTech and Regulatory Compliance solutions provider

By Anthony Falce 

anthony.falce@dbcomsys.com

WORM or be WARNED

Recently, in a FINRA Regulatory and Examination Priorities Letter, the topic of Operational Risks, including cybersecurity and Rule 17a-4, was discussed.

This rule, as we know, pertains to a firm’s obligation to preserve Broker-Dealer and Customer records in a non-writable, non-erasable format known as “Write Once Read Many” or simply “WORM.”

Unfortunately for several firms, FINRA has in the recent past elected to become more stringent with its enforcement of this rule and has levied substantial fines against those found to have been non-compliant.

The rule in itself serves as notice that our security and preservation go beyond the most commonly considered measures, where firms stress the importance of maintaining legitimate password parameters, auto-locking terminals, and monitoring home and branch offices and portable storage devices.

This rule also requires us to be cognizant of today’s ever changing world and all the twists and turns that come with it. It reminds us that at every corner we must consider the perils that face our industry and most in general. With our increasing dependence on technology to run and maintain our businesses, we become more susceptible to data loss stemming from internal technical issues, human error, viruses and possibly ransomware.

Third Party Vendors (D3P), such as DbCom – Eqube, have been able to successfully step in and assist several firms in complying with this regulation and avoiding fines and potential data loss by using their retention storage solutions. These firms securely store all transactional data, database copies and logs, as well as general ledgers, in an on-line, reviewable and downloadable format that satisfies all WORM requirements for redundancies and provides long term data storage.

** http://www.finra.org/industry/2017-regulatory-and-examination-priorities-letter

SEC Rule and Fines forces a closer look at WORM retention practices

Posted by Anthony Falce, Senior Sales and Account Manager for DbCom – EQube

Reach out to Anthony at Anthony.falce@dbcomsys.com
