Microsoft 365 sits at the center of most advisory and financial firms’ operations. Email, document storage, identity, collaboration, and authentication all converge there—which makes it one of the most critical…

For years, cybersecurity was treated as a technical problem—something delegated to IT, managed quietly in the background, and addressed with vague references to “best practices.” I have spent enough time…

Most SEC-registered firms believe they have a clear understanding of which systems are exposed to the public internet. In reality, many firms do…

I’ve posted a new document to The BrainTrust repository:

This guide is the execution-layer companion to the…

In the intelligence world, you never rely solely on what a subject tells you.  

 You validate the story through…

Over the past year or two-ish, a powerful convergence of forces has quietly — but decisively — reshaped the risk landscape for every RIA and financial institution.

This shift is…

A newly revised Cybersecurity Policies & Procedures Template is now available to all members. This update incorporates the 2024 amendments to Regulation S-P (effective August 2, 2024) and aligns the…

Effective Date: August 2, 2024

Compliance Deadline for Smaller Firms: June 2026

Regulation Applies To: SEC-registered Investment Advisers, Broker-Dealers, Investment Companies, and Transfer Agents

The Full SEC…

This video walks through how we build a cybersecurity Policies & Procedures Manual that not only satisfies today’s regulatory requirements but also anticipates what’s coming next.

Although Rule 206(4)-9 was…

We’ve added a new Vendor Due Diligence & Risk Assessment Questionnaire to help you streamline one of the most critical parts of your cybersecurity compliance program — assessing the firms…

Most firms assume their MSP “has cybersecurity handled.”

The SEC’s position is clear: you can outsource the work, not the accountability.

I just posted a new…

We’ve just added a major new resource to your member library — the MTradecraft Incident Response Plan (IRP) Template.

This…

The is information very few want to talk about. 

In today's interconnected world, where corporate data is…

You can use the free MX Toolbox Supertool to check your email records and compare your settings to the recommendations below:

So what is broken?

Email has been around…

If you’re an SEC-registered firm, “good enough” cybersecurity won’t cut it—especially after an exam, a growth spurt, or a leadership change. The Cybersecurity Blueprint is a practical, step-by-step program that…

You’re receiving this bulletin as part of your BrainTrust membership. 

Each week we deliver a curated snapshot of newly published cybersecurity vulnerabilities that may affect SEC-registered firms and their vendors…

You’re receiving this bulletin as part of your BrainTrust membership. 

Each week, we deliver a curated snapshot of newly published cybersecurity vulnerabilities that may impact SEC-registered firms and their vendors.