Almost every organization that is responsible for storing sensitive data, including private-sector corporations, investment firms, and government agencies, understands that effective cybersecurity plays an important role in shielding individuals’ personally identifiable information (“PII”) from digital attacks of constantly increasing sophistication.
Nonetheless, the high frequency with which data leaks occur at organizations we trust with our information is a disturbing reality.
A recent example of a significant breach is a leak of major proportions discovered at the Oklahoma Securities Commission by the cybersecurity firm UpGuard.
The Scope of the Oklahoma Data Leak
On December 7, 2018, UpGuard discovered an unsecured rsync server containing three terabytes of data dating back to 1986, comprising millions of files that contained a wide variety of information, including but not limited to:
- System credentials
- Internal documentation and communications pertaining to enforcement and FBI investigations
Unfortunately, the length of time the data was exposed to the public appears to be unknown, but it was registered as publicly accessible on November 30th, 2018, and was removed within a week of notification.
UpGuard reports that it informed the State of Oklahoma of the security issue on December 8 and immediately secured the server by blocking any further public access and preventing any outsiders from downloading files.
The Importance of Securing Data
This is only the latest in a large number of breaches involving rsync servers.
Digital storage of documentation and its duplicate backup copies is important for a number of reasons, including:
- Retaining valuable information in case of system failure
- Compliance with retention regulations
- Availability of data in case of ransomware attacks
However, as the experts at UpGuard make clear in their summary of the data breach and their security response, the key to security is to make certain that control is maintained over every existing copy of data contained within an organization’s servers.
Strengthening Information Security and Cybersecurity Defenses
Like government organizations, RIAs are responsible for adequately securing their internal business documentation and system credentials, as well as keeping the PII and financial records of their clients safe. It is critical for firms to develop and maintain robust cybersecurity and information security protocols.
Effective security protocols usually include vulnerability assessments and risk-based penetration testing to detect weaknesses, which can guide remediation before a costly leak or breach occurs. Such measures can help your firm determine whether its cybersecurity measures are meeting your firm’s obligations to client security.
Cybersecurity Protocol — Help Is Available
Core Compliance & Legal Services, Inc. provides to firms, both large and small, our extensive experience and expertise in the latest developments of cybersecurity policies and procedures, including risk-based assessments of information security protocols.
Contact us if you have questions or need support in the development or implementation of more robust cybersecurity policies and procedures at your firm — help from the experts is available here.