Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Brokerage firms nervous about sloppy security practices
MADISON (6/9/14)--Advanced technology can improve online security but it can't overcome carelessness on the part of financial professionals, and Wall Street brokerage firms are nervous about the potential consequences.

Practices such as taping sensitive passwords to computer monitors and storing them in binders labeled "passwords" compromise the technological advances made in recent years, according to officials from the Financial Industry Regulatory Authority (FINRA), Wall Street's industry-funded watchdog ( Reuters June 6).
 
Some firms give login information to temporary workers then neglect to cancel their access when the workers move on. Examiners traded anecdotes about how careless brokerage employees were at a recent FINRA conference.
 
The problems are being highlighted as major online security breaches in other industries are giving Wall Street reason to think twice about online security standards.
 
Security breaches could trigger privacy law violations and trouble with financial regulators, which have noted a spate of breaches in other sectors and companies, including eBay Inc., Target Corp, Neiman Marcus Group LLC and other retailers.
 
FINRA and the U.S. Securities and Exchange Commission are looking into measures that brokerages and asset managers have put in place to safeguard against cyber attacks. On June 3, the top Massachusetts securities regulator announced cyberaudits of state-registered financial advisers.
 
The increased focus on cybersecurity is causing some firms, especially smaller ones, to step up prevention measures, said Joseph Rivela, chief strategist for Breach Intelligence LLC, a Farmington, Conn., information security firm. Many smaller firms lag their large counterparts in terms of security policies and procedures, Rivela said.
 
But even employees at large firms are vulnerable. For example, scam artists sometimes pose as customers and make wire transfer requests. FINRA has disciplined sales assistants who transferred funds without first verifying those requests with the actual customers.

Scam artists also send "phishing" emails that appear to be from customers and ask for personal data. Another scenario involves fake wireless hot spots that scam artists set up in public spaces to invade firms' systems.
 
Educating employees about scams is a critical first step, said Rocco Grillo, who heads a global information security unit at Protiviti, a division of California-based Robert Half.


RSS print
News Now LiveWire
.@CreditYOUnion captures voices of #100MM loud, proud at @GAUnitedCU See #NewsNow Thursday for more
3 hours ago
Ill. @GovernorQuinn signs patent troll law http://t.co/ugWf8zHpCm via @CrainsChicago
4 hours ago
.@MBAMortgage : Mortgage apps increased 2.8% from one week earlier for week ending Aug. 22.
5 hours ago
Franchise businesses may face higher breach risk with POS systems HT @briankrebs http://t.co/LGE46DUk15
5 hours ago
About 1 in 3 consumers use plastsic for in-person purchases of less than $5, according to @CreditCardsCom survey.
7 hours ago