Financial services organizations trust Layer 7 Data Solutions to help them address cybersecurity risk and adhere to compliance needs.

Investors and Financial Advisors

According to Compliance Programs of Investment Companies and Investment Advisers, the SEC “expects that an adviser's policies and procedures, at a minimum, should address the following issues to the extent that they are relevant to that adviser:

  • Safeguarding of client assets from conversion or inappropriate use by advisory personnel;

  • The accurate creation of required records and their maintenance in a manner that secures them from unauthorized alteration or use and protects them from untimely destruction;

  • Safeguards for the privacy protection of client records and information; and

  • Business continuity plans.”

Additionally, new rule 38a-1 (for funds) and amendments to rule 204-2 (for advisers) require firms to maintain copies of all policies and procedures that are in effect or were in effect at any time during the last five years.

In late 2017, the SEC issued a report on the state of cybersecurity for a subset of SEC-regulated organizations and released a findings document, which firmly suggests that investment advisors do what Layer 7 Data offers, namely security and gap analyses, penetration testing, and written cybersecurity policies.

Banks and Credit Unions

One of the primary drivers for cybersecurity services in these institutions is the Payment Card Industry’s Data Security Standard (aka PCI-DSS).  According to the PCI-DSS v3.2 Quick Reference Guide, “occasionally lax security by some merchants enables criminals to easily steal and use personal consumer financial information from payment card transactions and processing systems.”

We realize that PCI DSS compliance is a continuous process involving assessment, adjustment, and reporting on an ongoing basis.  Layer 7 Data can help banks and credit unions with any of the 12 PCI requirements.

| Goals | PCI DSS Requirements |
| --- | --- |
| Build & maintain secure networks and systems | 1. Install and maintain a firewall configuration to protect cardholder data |
| | 2. Do not use vendor-supplied defaults for system passwords and other security parameters |
| Protect cardholder data | 3. Protect stored cardholder data |
| | 4. Encrypt transmission of cardholder data across open, public networks |
| Maintain a vulnerability management program | 5. Protect all systems against malware and regularly update antivirus software or programs |
| | 6. Develop and maintain secure systems and applications |
| Implement strong access control measures | 7. Restrict access to cardholder data by business need to know |
| | 8. Identify and authenticate access to system components |
| | 9. Restrict physical access to cardholder data |
| Regularly monitor and test networks | 10. Track and monitor all access to network resources and cardholder data |
| | 11. Regularly test security systems and processes |
| Maintain an information security policy | 12. Maintain a policy that addresses information security for all personnel |

From building a secure environment at the outset to performing regular penetration testing and vulnerability assessments, to tweaking written cybersecurity policies, Layer 7 Data Solutions has you covered.