Os33 Workplace cloud complies with FINRA, SOX, SOX11

Compliance on the Cloud 101

What is Compliance?

Compliance can be an issue for anyone using cloud storage or backup services. When you transfer data from your internal storage to a cloud provider’s, you must examine how that data is stored so that you stay in compliance with laws and regulations. Financial cloud computing, for example, requires IT SOX compliance to ensure quality of service.

In 2002 the Sarbanes-Oxley Act (SOX) was implemented as a response to huge accounting scandals. Companies like Enron, Global Crossing and others misled investors and cost shareholders billions of dollars. This, in turn, changed the IT world forever. What does this have to do with IT? It changed how we approach things like storage, data, security and other functions. 

Cloud compliance is, simply put, the principle that a cloud-based system must comply with the standards that the cloud customer faces.

Compliance departments ensure that businesses conform to established rules and it’s important to understand, when switching over to a cloud service, how and in what ways the cloud meets compliance standards. Luckily, there are cloud providers that ensure compliance with regulations like SOX. 

If you’re in the financial services industry there are a few things to think about when considering IT solutions for finance or a cloud provider. 

How Compliance Works 

A global survey conducted by Veritas Technologies, a data management company, revealed that of the 13 countries and 1,200 businesses surveyed, 69 percent of organizations, or 828, wrongfully believed that data protection, data privacy and compliance are the responsibility of the cloud service provider.

It isn’t.

When it comes to cloud compliance, you need to be aware of the data you should move to the cloud and the data that should remain in house, the questions you need to ask of your cloud provider and what should be written in a service-level agreement (SLA) to maintain industry compliance.

When SOX was first written, it explicitly left out how regulations should be met. This ensured that industries could adopt the most recent technology instead of having to wait for lawmakers to catch up to technology. Because of this, the cloud is a viable infrastructure for financial companies that are forced to adhere to compliance rules.

The way IT departments store records changed due to the implementation of SOX. Regulations state what kind of information relating to SOX compliance needs to be stored. Things like electronic records and messages, spreadsheets and emails are considered valuable and fall under the regulation.

It’s important that you not take this for granted, and evaluate your SLAs with the provider.

The first thing that organizations need to do is be aware of the type of services they use. There may be certain information that’s regarded as highly confidential and a company may decide to keep it on an internal network. Or if it is moved to the cloud, it’ll be a private cloud that will be hosted on the premises.

Nerds Support has a hybrid cloud in a secure location that has military grade security.

Ensuring Cloud Compliance 

Once your company has decided what information is to be transferred over to the cloud, look at the contracts you have with your cloud provider. Depending on whether the cloud is internal or external, the approach will be slightly different. If it’s external, you have to make sure both you and the provider are clear about what type of data should reside on their cloud services and how they’ll protect said data. If it’s an internal cloud, are you going to have an internal compliance checklist to make sure you’re within the regulatory standards?

With cloud financial services, customers and cloud providers share the responsibility to maintain compliance. It’s the duty of the organization to investigate the security policies of the vendor. 

Important questions to ask include: 

  • Where is data stored?
  • Who has access to the storage areas or data centers?
  • How is my data protected?

Service Organization Controls 

In some cases, companies can look at providers that certify compliance and choose their services without any further research. There are times, however, when a company will have to be more thorough and get involved in the cloud provider’s security to make sure it complies with industry standards. When it comes to SOX compliance, however, you should look for a vendor that provides you with Service Organization Controls.

This report enables the user auditor to evaluate audit risks associated with the use of a financial cloud provider.

It’s also important to establish and verify benchmarks that help check the effectiveness of the security around your data on the cloud.  Make sure your provider uses federal government guidelines for cloud security if it’s based in the US.

In order to avoid miscommunications between your cloud provider and your organization, make sure you take the time to classify the data by level of importance, deciding carefully what is suitable for the cloud and what needs to remain internally stored. Have the right contracts and go through them, establishing what will be covered under their services and how they’ll protect and back up your data. A business continuity plan is also imperative, just in case of any hiccups.

Nerds Support has cloud services that comply with financial regulations.

Contact us today to schedule a free IT assessment that can identify gaps in your IT infrastructure.

Co-Managed Solutions are Great for Financial Services

 

To read and learn more about financial cloud solutions, cybersecurity, compliance and more visit our website.

What is Co-Management?

The financial services industry might be adopting financial cloud technology, but seldom is a firm ready to abandon its IT department when adopting a service provider. The transition between an in-house infrastructure and the cloud requires careful planning. Moreover, adjusting to the cloud is difficult for any organization and its employees, and requires training and readjustments. Those are a few issues co-managed IT solves. Co-management means a cloud provider works with the firm’s existing in-house IT department.

It’s preferable to adopt a flexible and adaptable solution that combines what is familiar with the benefits of a cloud-centered environment. This gives your firm a customized solution specifically tailored to meet your needs and upgrade at a pragmatic pace. This means not only technical support for financial services, but a team that provides comprehensive solutions at scale for the firm.

As a smaller firm grows, its IT department is strained by increased demand. Co-managed solutions provide support and guidance when making strategic decisions about the firm’s network and systems. Conversely, if your firm has a skilled team of IT professionals but lacks the resources, time or bandwidth for troubleshooting and smaller IT-related tasks, then co-managed solutions may be right for you.

Small financial services companies without sufficient resources will often task an overburdened member of the IT team to support users, handle contracts, maintain client relationships etc. This solution might be a quick fix but it is unsustainable in the long-term.

Because of this, internal IT departments often struggle. However, co-management provides firms with supplemental resources and outside expertise. Furthermore, there are key benefits to adopting a co-managed solution. For example, your financial firm may have reached a period of rapid growth and need to adjust the scale of IT services to support internal growth. Or a company may have a reliable, well-established IT staff in-house but need solutions for remote branches in other locations.

Benefits of Co-Managed IT Solutions

• Increased productivity: A co-managed approach supplies IT support around the clock, even when your in-house staff is unavailable. This can lead to reduced downtime and, as a result, increased productivity.
• On-demand expertise: When your in-house IT team runs into issues that they’re not prepared for, a co-managed service provider is there to provide assistance and back-up.
• Increased security: With a co-managed model, the service provider accesses and gives access to the latest technology. The partnering IT staff comes in with certifications and experience that are important in creating a security strategy.

In a co-managed IT model, your IT partner identifies and fills gaps in your team availability and skill set while increasing bandwidth. IT solutions for finance are

A co-managed service model is created to support financial services organizations that have IT departments but are looking to increase their efficiency and upscale their work capabilities. And for a financial services company, co-management entails that your partner knows IT compliance. FINRA compliance, among others, is essential to a successful co-managed IT model for a financial firm.

Hopefully, you understand what co-management entails and what kind of problems it solves. If you’re still confused, we can review.

Co-Management Means Protection & Security

The goal of any co-managed IT team is to increase the abilities of the staff while, at the same time, assisting with:
• Hardware
• Data Protection
• Software
• Cloud computing
• Cloud Security
• Multi-factor functionality

With cybercriminals increasing their efforts to infiltrate financial institutions of all types, firms that adopt proactive protection with a co-management service will be better off. Co-management for financial firms means security and compliance are at the forefront of cyber security.

Companies can freely choose which types of solutions they prefer to keep in house and which ones to outsource to an outside IT team with co-management services.

South Florida Law Firms Ransomware Data Breach

Ransomware Attack in Coral Gables, Florida

For more blogs on cyber security news, fintech, the cloud and more visit our website.

Cyber Attack in Coral Gables, FL

The Coral Gables-based company TrialWorks, a software company that manages electronic records for thousands of law firms in the US, was subject to a ransomware attack. Digital legal documents were held hostage in a classic ransomware attack.

Last Thursday, one of the law firms whose information is kept by TrialWorks was forced to request more time to meet a filing deadline in an important case in federal court because it could not access its documents.

How did it Happen?

TrialWorks alerted its customers about the breach and stated it was caused by a Microsoft service outage affecting Outlook desktop and mobile apps, according to court records.

Software management services like TrialWorks continue to grow as law firms look to store their abundance of electronic documents in a host facility. This is part of a larger trend of digital transformation. In other words, the cloud. And as industries move their files and digital information to the cloud, security becomes essential against cyber threats. Government facilities throughout Florida have already suffered from cyber-attacks involving ransomware. Banks have experienced breaches as well.

Cloud computing is the natural progression of software technology. The old client-server model of getting physical disks and installing software on local servers was the only viable solution for the better part of two decades. Now industries are looking to cloud technology for a more practical approach to data storage.

TrialWorks alerted the law firms and attorneys that use its case management services that they could not access their electronically stored documents while it was resolving the breach issue. This created more issues, as TrialWorks informed customers that it had a high ticket volume and response times would be delayed.

The company merged with another company, Needles, and expanded greatly. Law firms using TrialWorks suffered significantly. Attorneys working cases couldn’t access the necessary files, which created setbacks that impacted TrialWorks and all of their clients.

Data Breaches & Cyber Attacks

Data breaches, social engineering and ransomware attacks are devastating and are, unfortunately, underestimated by small and medium-sized businesses. One of TrialWorks’ clients was a small firm of nine lawyers working on a civil litigation case. The TrialWorks breach slowed down their work. Their deadline issue was resolved; however, they have until November 14 to respond to a dispute over the testimony of an expert witness. This response requires access to critical documents in the case.

What happened at TrialWorks is not specific to them. In the month of September of 2019 alone there were 75 data breaches and a total of 531,596,111 breached records. This number is significantly less than August, which had 95 incidents total. However, there was an overall increase of 363% in terms of records breached.

A data breach happens when a cybercriminal successfully infiltrates data sources and extracts sensitive information. The more valuable the information, the likelier an organization is to become a target. The healthcare industry, for example, is often targeted. In fact, the medical industry is the top industry for cyberattacks. However, there are a number of other industries also vulnerable to attack.

The most targeted sectors for cyberattacks are the following:
1. Healthcare
2. Retail
3. Financial Services & Insurance
4. Public Administration
5. Information
6. Professional/Scientific
7. Education
8. Manufacturing

Among these, the top three are Healthcare, Retail and Financial Services. These verticals are where average consumers, clients and patients expose their most sensitive information.

Healthcare

In healthcare, hospitals house a lot of private data. A patient’s medical record, social security, insurance provider, and medication are all valuable to a hacker.

Retail

Retailers are lucrative targets because swipe-and-go payment machines and the high number of transactions make credit card or debit card information accessible to cybercriminals through various methods like skimming. Skimming is a means to get card data by creating duplicate payment cards and re-using the copies.

Financial Services

It’s well known that over 25 percent of all malware attacks target the financial sector. Cyber criminals target financial services companies by implementing Trojan viruses to steal banking information and download data. One of the most famous examples of this was the Equifax data breach. The company is estimated to lose over $600 million because of it. Furthermore, companies in the financial services industry are paying more to secure infrastructures and protect critical data from theft. That is why financial cloud computing is becoming popular in the industry. Cloud accounting technology is also on the rise. However, criminals are still motivated to commit cyber crime due to the low-risk, high-reward nature of cyber-attacks.

Not Your Average Theft

Unlike a physical robbery, it isn’t immediately apparent when you’ve experienced a data breach. It can take weeks, months or, in some cases, years before a breach is discovered. Hackers use this to their advantage, targeting the weaknesses within regulatory guidelines. That’s why it’s important not to take any compliance risks.

These cyber breaches are becoming more dangerous and harder to detect. A financial company’s IT infrastructure is not enough anymore. Organizations are adopting a more proactive approach by employing advanced cyber security software, multi-factor authentication and expert security response professionals layered on top of efficient cloud technology. As a result, financial cloud providers not only anticipate attacks as early as possible, but train financial services firms to assist in their own protection.

The breach at TrialWorks is a perfect anecdote of what can happen to any firm in a number of industries. When you experience a breach, your company loses credibility, clients and resources, and has to deal with all the ramifications of the breach itself. There are long, extensive investigations into the nature of the breach, potential lawsuits and compliance-related hassles that can stagnate, if not completely ruin, a financial firm regardless of size.

Windows 10 May 2019 Update IT Downtime

Microsoft Windows 10 Making a Mess of its New Update

Windows 10 1903’s History

Microsoft struggles to get updates for its Windows 10 users up and running. In the past several months users encountered failures and a variety of error code warnings when installing updates. Since its launch in May, users reported issues with Bluetooth and Wi-Fi connectivity. Microsoft has tried to remedy the issues the update created, but it didn’t do enough and now the company has issued a warning to Windows users. The company started displaying a warning to users running on this 1803 update. It read: “You’re currently running a version of Windows that’s nearing the end of support. We recommend you update to the most recent version of Windows 10 now to get the latest features and improvements.”

This wouldn’t be an issue if Windows 10 1903 wasn’t so flawed and filled with bugs. However, Microsoft is now advising some users to not install the update because it might break the Windows Defender Advanced Threat Protection (ATP) services.

Windows 10 Can’t Figure it Out

This is a problem for businesses also, considering the end-of-life period for Windows 7 is almost here. Microsoft advised Windows 7 users to migrate to the secure and monitored Windows 10 as support leaves Windows 7 altogether. Many businesses like accounting and financial firms operate on Windows 7 and have done so for years. Migrating to a newer Windows program will be difficult and challenging, as these businesses learn to use the different features and setup offered with Windows 10.

Windows 10 1903 came out with a new update that is supposed to fix the bugs mentioned earlier. However, installing the update, according to Microsoft themselves, could create failures in the threat protection program. Now, this won’t impact Windows 10 consumer users, but it could create problems for those businesses who rely on Windows Defender ATP to protect them.

Windows has said it is “working on a resolution and estimate a solution will be available in mid- November 2019,” but that still leaves businesses vulnerable. Flawed updates like this can lead to downtime for businesses relying on Windows 10 or Windows Defender ATP.

Managed IT & Software as a Service

Managed IT service providers that offer Software as a Service (SaaS) install all software for the company they work with. In SaaS, the hosted application management model, the provider gives customers access to software over the internet. The provider hosts the application in a data center and a customer accesses it through a web browser. Many industries use SaaS. Nerds Support, for example, provides cloud SaaS solutions for accounting firms and financial services. SaaS falls under the broad category of cloud computing, which continues to grow and develop in use and popularity.

In the case of cloud accounting or finance IT solutions, Nerds Support provides Microsoft Office as part of its services. Moreover, the cloud provider updates and configures all applications provided to the user. SaaS is a popular service as it frees the company from managing the installation of programs like Windows on their own.

Microsoft Users, Don’t Worry

Microsoft’s faulty update will only impact devices in an “affected environment,” which are those running Windows 10 version 1809 or Windows Server 2019 alongside Microsoft Defender ATP. Windows 10 Enterprise edition has Defender built in and it’s a useful, comprehensive antivirus and security tool, but that might change if you download the cumulative update.

This news might seem complicated if you’re a small or medium sized accounting firm. Maybe you don’t have the proper resources necessary to comb through the technicalities of these updates. But rest assured, not all 900 million users of Windows 10 are impacted by the update nor is it mandatory.

Cloud technology and Software-as-a-Service are becoming the pragmatic solution for businesses that want to focus on delivering their products or services to their clients and not have to worry about faulty updates. Many cloud providers offer to install, update, monitor and back up all applications a growing business needs to operate. Technical support for finance and accounting firms doesn’t just include software. There are even vendors that do Hardware-as-a-Service as well. They take care of the installation, repair and maintenance of computers, monitors and all other hardware.

Microsoft’s code is complex, fragile and massive, and maintaining it might prove challenging, to say the least. That said, they should do a better job with Windows 10 considering it will be the default Windows program.

For more information on Microsoft Office, the cloud and cybersecurity, visit our website!

Cisco Network Outage Data IT Support Breach Downtime

Cisco Outage and Disaster Recovery

Cisco Outage

On Thursday, October 10, 2019 a network outage hit Cisco Systems, affecting their entire network. A Cisco spokesperson said in an interview with TechCrunch that the disruption was traced to an internal system change. The problem, however, isn’t the outage; it’s the absence of a disaster recovery plan.

The outage lasted for about five hours and prevented users from accessing Cisco’s learning portal, downloading software, signing on, and slowed down response time to support tickets.

The company’s blog also suffered from the outage. WordPress’ install page appeared on the blog and could not be accessed. Downtime started at about 2pm GMT and lasted for approximately an hour.

It wasn’t a security threat per se, but it was an odd sequence of events that could provide insight into the internal flaws inside the company. The company tweeted later in the evening, “We have traced our disruption to an internal systems change, and are in the process of being fully restored.”

An HTTP 500 error was displayed on the website. The curious aspect of this story is the message that presented itself on the failed page: “Please contact the server administrator, it-webmasters.cisco.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.”

Cisco hasn’t opened up about what exactly happened and how, saying on Twitter: “Cisco is continuing to address the disruption to our IT systems.” However, there are things to be learned from this event.

This outage was a huge issue for Cisco, a large company, but it’s much more common among smaller tier organizations. A business needs power to run, obviously. However, unexpected outages create situations from which it’s difficult to recover.

Outages aren’t Uncommon

Lloyds Banking Group, a British retail and commercial bank branching across England and Wales, also experienced an outage in February of 2019. Customers could not log in to their bank accounts. Furthermore, IT outages in the banking sector are becoming more of an issue, not only for banks but for their customers. An outage prevents customers from accessing valuable financial information, and regaining control after such an outage is a logistical nightmare.

If large companies such as Cisco or banks like Lloyds Banking Group can experience outages, then it can happen to anyone. Outages and downtime can mean a host of services rendered useless and inaccessible. That is why it’s important to get your downtime as low as possible. 9/10 data center professionals say that company management is more about lessening downtime than it was in previous years.

Cisco stores its bits and updates firmware internally. In other words, it handles its IT processes internally. Publications like Tech Republic suggest the company would be better served adopting a cloud platform. If Cisco had the company blog hosted on the cloud or separated from production systems, they could have communicated their network status during the outage.

 

The Cloud and Disaster Recovery

Cloud solutions for financial businesses are not new, but financial cloud computing has one particular advantage that mitigates downtime. If an outage impacts a business, it should have a plan for accessing its data. Institutions that adopt a financial cloud service have the advantage of accessing their files and backups from anywhere. Cisco failed to plan accordingly beforehand and there was no way to inform its users and customers of the outage, leaving many confused and disgruntled. Hosting their blog on the cloud could have prevented this.

If your facility is compromised by an outage, recovering data stored in house requires waiting for the business to regain access to the facility and hoping nothing was lost. However, a hybrid cloud approach to disaster recovery reduces risks of downtime. Some cloud providers, like Nerds Support for example, offer Disaster Recovery as a Service. This means that some financial cloud service providers, though not all, assist with developing a strategy and recovering data stored on the cloud servers.

Disaster Recovery Plan & Downtime Prevention

The cost of downtime rose 60 percent from 2014 to 2016 according to the Aberdeen Group. In other words, cost went up from $164,000 per hour to an average of $260,000 per hour across all industries. Although costs are incredibly high, downtime prevention is often overlooked. As we’ve seen above it doesn’t matter how large or small your firm is, it’s incredibly important to have a business continuity and disaster recovery plan in place. If you or your staff don’t know what to do in the event of an outage, things could spiral out of control.

In the UK, the Treasury committee launched an inquiry into banking IT failures. Last year, TSB bank in England also experienced an IT outage so disastrous the CEO, Paul Pester, was forced to quit. Even if an institution has the most advanced cybersecurity and backs up its data regularly, it’s still at risk of experiencing downtime if the infrastructure and environment aren’t monitored properly.

 

Another reason that downtime is a problem for your firm aside from the financial loss is data loss. Critical data loss often occurs during downtime. Over three-quarters of executives experience serious data loss caused by downtime, according to a 2016 poll.

Is your Firm Vulnerable to an Outage?

Ask the following questions to determine whether your business is properly protected and has the necessary oversight:
• Is there a time when the digital environment is unmonitored?
• How long has it taken to recover from downtime in the past? Was it past a certain time frame?
• Are there sufficient IT personnel with the required experience to manage software maintenance and respond to threats?

Some businesses and financial institutions have the resources needed for constant monitoring. However, those who don’t should consider adopting a financial cloud infrastructure. Cloud service providers should provide 24/7 support, detailed service level agreements and experienced systems engineers.

You can avoid downtime when you have the proper tools, guidance and expertise. Achieving maximum uptime is possible with the cloud. Visit the Nerds Support website to read more about downtime prevention, cyber security, or cloud compliance.