FINRA: End-to-end encryption leads to security in securities
Tresorit offers FINRA-compliant cloud storage solutions
Cybersecurity is a fundamental consideration for any company – especially as remote work opens up dozens of new attack vectors. Some firms, including financial service providers, are especially at risk because of the vast amount of personal data they handle. Naturally, oversight bodies have recognized the risks, prompting FINRA to issue guidance on cybersecurity.
FINRA – The what, where, and why
The Financial Industry Regulatory Authority, FINRA is a not-for-profit created in 2007 to monitor broker-dealers in the United States. Overseen by the SEC and mandated by the US Congress, FINRA aims to ensure that the American securities industry operates fairly and honestly. In this role, it monitors over 600,00 brokerage firms in the United States and billions of transactions each day.
What are the implications of not complying with FINRA guidelines?
FINRA investigates potential securities violations to protect investors and create a transparent operating framework for firms. Should any actions warrant formal disciplinary actions, FINRA will proceed through a settlement or litigation process.
The organization can issue sanctions, including fines, personal or firm-wide suspensions, and has the power to bar both individuals and companies from the industry. In 2015, FINRA fined Sterne Agee & Leach $225,000 after a company employee lost a laptop containing the unencrypted personal information of over 350,000 customers. There was no indication that malicious actors had used the data, but FINRA acted nonetheless due to the company’s failure to adequately protect its customers’ personal data at rest.
How does Tresorit support compliance with FINRA?
The importance of cybersecurity has only grown since 2015, as has public awareness around data protection. To ensure that broker-dealer firms understand the risks and work to increase their cybersecurity, FINRA has published a Cybersecurity Checklist, and regularly updates these guidelines to improve awareness and security. The organization has identified phishing attacks, insider threats, remote work, and mobile devices as high-risk factors. FINRA recommends encryption as protection against cyber-attacks and unauthorized access.
Tresorit’s zero-knowledge end-to-end encryption (E2EE) goes a step beyond this and supports the compliance of FINRA members through:
- Safe storage: FINRA requires that all companies preserve documents and accounting records for a set time. Tresorit’s E2EE storage ensures that data is secure in these archives and backs data up in several different storage centers to avoid data loss.
- Protection from cyber-attacks and unauthorized access: Tresorit’s robust administrator toolset enables granular-level access-right management, ensuring only authorized personnel can access data.
- Secure client collaboration: E2EE file requests allow companies to collect documents from their partners in a completely secure channel rather than as email attachments.
- Making FINRA audits efficient: Detailed audit logs, reporting capabilities, and reporting options in Tresorit make FINRA reviews hassle-free.
- Offering control and supervision over data handling: Reporting tools help companies detect deviations from regular user activity and suspicious actions in a timely manner.
Broker-dealer firms cannot operate without personally identifiable information – at the most basic level, they must connect accounts to their owners and share some level of information through their organization. Tresorit’s secure E2EE cloud storage and collaboration tools are among the safest options they can choose – so, if you’re looking to start your compliance journey with a trusted provider, find out more about the Tresorit offering here.