Help on Supply Chain Cyber Risks

supply chain

I hadn’t noticed this until now, but we have fresh help for audit and risk managers worried about cybersecurity risks in the supply chain: CISA, the top cybersecurity regulator in the United States, has published a short guide on how small and medium-sized businesses can navigate that challenge. CISA released the guide last week —…

Read More

FINRA Talks Cyber Risks

FINRA

FINRA, the regulator for broker-dealer firms that every other compliance professional should follow anyway, has given us yet another piece of nifty guidance: its annual report on regulatory examinations, brimming with advice about risks related to cybersecurity, anti-money laundering, and other issues.  Like most other financial regulators, FINRA examines the compliance programs of businesses under…

Read More

SEC Reminders on Identity Theft

FINRA

The Securities and Exchange Commission has published a review of financial firms’ identity theft programs, in case anyone is looking for helpful hints and tips on how to strengthen your own program. Most of the SEC’s advice, however, boils down to a company sincerely thinking about its risks here. The advice came in the form…

Read More

Getting a Better Grip on IT Controls

controls

Today I want to circle back to last week’s collapse of cryptocurrency exchange FTX. One allegation is that FTX’s now-former CEO, Sam Bankman-Fried, engineered a “back door” into the company’s financial systems so that he could execute transactions without review. My question: would an audit of internal controls over financial reporting catch something like that? …

Read More

NY-DFS Proposes Updated Cyber Rule

cybersecurity

Big news for audit and GRC professionals in the financial services world: the New York Department of Financial Services has proposed numerous updates to its Cybersecurity Rule, which would place more responsibilities on the CISO and impose more exacting standards for cybersecurity policies, procedures, and other control activities.  The Department of Financial Services (DFS) unveiled…

Read More

Another FTC Cyber Enforcement Case

Chegg

Another week, another enforcement action from the Federal Trade Commission to remind the rest of us what steps we should take to protect consumers’ personal data. This time the company going to the woodshed is Chegg, an education tech company that lumbered along for years with poor data protection practices. Chegg provides textbooks, study aides,…

Read More

Bold FTC Action Against Drizly

drizly

Fascinating enforcement action from the Federal Trade Commission this week, which brought charges of poor cybersecurity practices against an online liquor store and its CEO personally — who will need to abide by the terms of the consent order even if he leaves the company and takes another job elsewhere! The company is Drizly.com, which…

Read More

NY DFS Strikes Again on Cyber

A vision insurance company based in Ohio has agreed to pay a $4.5 million penalty to regulators in New York, to settle charges that the company’s poor cybersecurity practices led to a data breach in 2020. It’s a small but informative case for all you and privacy compliance enthusiasts out there.  The company in question…

Read More

Twitter, Part II: Security Control Failures

twitter

Today we return to that whistleblower complaint against Twitter announced to the world last week. The complaint contained all sorts of allegations about poor cybersecurity and privacy governance — so what were those allegations, exactly; and what lessons can other compliance and audit professionals learn here?  As you might recall from our previous post, the…

Read More

Fresh Approaches to Cybersecurity Risk

cybersecurity

Every regulator and their uncle is climbing aboard the cybersecurity bandwagon these days. Before that bandwagon starts rolling away with itself, however, we might want to ask whether corporate audit and compliance teams, and even the regulators themselves, are going about all this in the wisest way possible. Two recent posts on Radical Compliance capture…

Read More