The Customer

Susan, the Advisor, has been in the investment business since 1993.  When she decided to strike out on her own in 2012, she formed an independent RIA, providing investment management, tax and retirement planning, and financial planning services to over 40 different high net worth clients. Susan says her job is a little like playing quarterback in the financial lives of her clients.

The Challenge

The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE)  had recently sent to the Firm, and many other firms like them, notification that as of February 12, 2014 all securities related firms are required to have a cybersecurity policy. The OCIE provided an extensive list of compliance requirements suggesting that if any firm reports more than 10 breach incidents, unauthorized access to customer information, or the unavailability of a firm service for more than 10 minutes that they could be considered non-compliant and subject to fines.

The Solution

The very first thing we did is work with Susan to write the corporate cybersecurity policy.  Once we reached an agreement on a version of that document, we then set out to make their office setup match their policies.  We implemented hard drive encryption of all laptops and PC’s, established centralized monitoring of patches, virus, spyware and malware protection.  The addition of event and endpoint security allowed for continuous audit trail reporting of access to all corporate equipment and protection against inappropriate and unauthorized use of external USB devices for transfer of sensitive data into and out of the office.  Centralized authentication, via a secure VPN tunnel to the data center combined with managed firewall protections and intrusion detection security on both ends completed the circle and allowed the Firm to confidently rest at night knowing their environment was safe and compliant, all the way out to the edge of the network.

The Results

The Firm is pleased to report that they have completed their compliance audit and are confident that they are in compliance with the OCIE cybersecurity requirements. They are thrilled that staff time is no longer tied up with trying to understand and administer the complexities of OCIE compliance requirements, and can re-focus on the business at hand.
Says Susan, “We’ve been very pleased with Grassroutes Networking. Justin is always very responsive. He comes over whenever we need him to, though because the solution is so well implemented, we seldom need him to. Grassroutes is accessible and able to solve whatever issue might spring up and we are glad to be fully compliant. They have exceeded my expectations.”