Ask not what your country can do for you...

Today I got pulled into a conversation with an old friend and mentor of mine.  In the conversation he mentioned John F. Kennedy and how he was able to pull in the world when he gave a speech.  I wasn't even born when JFK was president and would have loved to have had the chance to hear him live over the airwaves.

I am sure you are starting to wonder if Eric has lost it by now or where he is going with this.  Well, in JFK's inaugural address the country was pulled together and motivated to build itself up.  I feel like we could use that motivation these days.  These are different times now, but the technological seeds that were being planted in the early 1960s have grown and we have harvested many times from them.  This technology now drives our commerce and our booming economy.  This technology keeps growing faster every day.  With this growth we will have challenges to go with the advantages that new technology gives us.

As we all know, technology today can help build even a small business up to levels never reachable 50 years ago.  This enablement of the cyber economy allows small business owners to reach around the world to markets they never would have dreamed of.  The connectivity allows you to form partnerships and share information instantly.  Your business is open as long as it is online; it is NEVER closed.  It is here where your business becomes vulnerable to every notorious organization around the world.

The Internet was built on technologies funded by our government. Most of the advances in processing and communications in the last 50 years have been heavily driven by our nation's budget, either for defense or managing our federal infrastructure.  Our economy and businesses have benefited heavily from these initial investments from our government. The one thing that hasn't caught up with our ability to use the technology to run our businesses is our ability to deploy it securely.

It's pretty simple: small business owners do not have the resources that mega large enterprise organizations have.  But the federal government has stepped up in this area as well.  The push by the current President Barack Obama to fund the development of the Cybersecurity Framework by NIST is the first step in this direction.  The next step is now up to YOU, the small business owner.  You should now be asking yourself "what can I do for my country?" and begin using the framework to help protect your company, your customers and the safety of the nation's economy that is relying on you.


Eric McWilliams is the founder of FINSECTECH and the guy behind the NIST Cybersecurity Framework as a Service (FaaS).  Eric has worked in the IT Security Industry for the past 20 years. Before that, he got his start in the United States Marine Corps.  These days he loves spending time with his daughter and turning technical ideas on napkins into products for the world.


SEC Fines Adviser for Failing to Adopt Proper Cybersecurity Policies

This week was the FIRST time the SEC has fined a company for not properly securing personal information, by going after the company for not applying proper cybersecurity policies and processes.  The SEC’s order finds that R.T. Jones violated Rule 30(a) of Regulation S-P under the Securities Act of 1933.  We are sure many more issues like these will follow.

This rule is from 80 years ago and so old that Cyber anything wasn't even an idea in anyone's mind.  This rule requires registered investment advisers to adopt written policies and procedures, reasonably designed to protect customer records and information.  Looks like this law written 80 years ago fits pretty well into the industry we have today.

According to the SEC’s order instituting a settled administrative proceeding:

  • R.T. Jones stored sensitive PII (Personally Identifiable Information) of clients and others on its third party-hosted web server from September 2009 to July 2013.

  • The firm’s web server was attacked in July 2013 by an unknown hacker who gained access and copy rights to the data on the server, rendering the PII of more than 100,000 individuals, including thousands of R.T. Jones’s clients, vulnerable to theft.

  • The firm failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information.  For example, R.T. Jones failed to conduct periodic risk assessments, implement a firewall, encrypt PII stored on its server, or maintain a response plan for cybersecurity incidents.

  • After R.T. Jones discovered the breach, the firm promptly retained more than one cybersecurity consulting firm to confirm the attack, which was traced to China, and determine the scope.

  • Shortly after the incident, R.T. Jones provided notice of the breach to every individual whose PII may have been compromised and offered free identity theft monitoring through a third-party provider.

  • To date, the firm has not received any indications of a client suffering financial harm as a result of the cyber attack.

As far as I can tell, the firm handled the breach as best they could after it was noticed.  The issue the SEC found was that the firm had failed to adopt any written policies or procedures to protect its data systems.  The usage of the NIST Cybersecurity Framework, which the SEC and other regulators have been directing firms to utilize for the past 2 years, would have put the firm in better standing with the SEC and would not have ended up costing them $75,000 in fines.

If your firm is looking for guidance on implementing the NIST Cybersecurity Framework and being able to prove to regulators that you are keeping up with best practices across your firm, please contact us at FINSECTECH today.

FINSECTECH at US Chamber of Commerce Cybersecurity Summit

It is a great pleasure to be a sponsor of the US Chamber of Commerce Cybersecurity Summit in Las Vegas next week.  The Chamber is putting on the conference to spread the word and knowledge about the NIST Cybersecurity Framework. After attending the Minneapolis Cybersecurity Summit, Andrew and I noticed there was a huge crowd of businesses that were all interested in NIST, but none of the vendors at the conference or the sponsoring booths outside of the US Department of Homeland Security were pitching their usage of the NIST Framework, or anything to do with NIST.  All of the vendors seemed to be offering the same thing that every IT vendor offers: consulting services, rack space, hardware, etc.

We saw this as a huge problem and decided to join the conference next week as a sponsor.  We think this will help the businesses that are interested in implementing the Cybersecurity Framework and also get our product out there.   The Chamber listed the following reasons to attend the seminar:

  • You've heard something about a cyber framework--you're not exactly sure what it is--and want to learn more.
  • You have cybersecurity or risk-management responsibilities for your organization--whether private or public.
  • You have a cybersecurity program for your business and want to strengthen it.
  • You're a large company looking for ways to communicate about cyber with your small and midsize supply chain partners.

All four of their reasons are the very reasons we have formed FINSECTECH.  Our Framework as a Service is THE solution for anyone attending this Cybersecurity Summit without a doubt.

Anyway, once again we are super excited to be attending this conference.  Here is the conference agenda from the Chamber of Commerce.