Archive

The Betterment Breach: A Case Study in How Modern RIA Breaches Actually Happen.

The Betterment Breach (January 2026): What Actually Happened — and Why Every RIA Should Be Paying Attention

In early January, Betterment disclosed a cybersecurity incident affecting customer information and communications. Most…

BrainTrust Video: Operationalizing Cybersecurity Governance Under Amended Regulation S-P

The SEC’s amendments to Regulation S-P represent one of the most significant shifts in cybersecurity expectations for investment advisers in over two decades. While the rule is often described as

How the SEC Expects RIAs to Supervise AI — Today

Artificial intelligence does not trigger a new regulatory regime — it operates within the one that already exists.

An adviser needs a formal AI governance structure as soon as AI…

You Can’t Prove Cybersecurity Compliance Without Internal Vulnerability Scans

Let's discuss the internal vulnerability scan — the process regulators expect firms to use to identify cybersecurity risks in systems that handle client data.

Under SEC expectations for investment advisers…

The 206(4)-7 Annual Compliance Review Template and Checklist

Hi everyone —

If you’re an SEC-registered investment adviser, your Rule 206(4)-7 Annual Review isn’t optional — and the SEC expects it to be more than a once-a-year “checkbox.” 

The…

Practical Takeaways from the SEC’s M Holdings Cybersecurity Case

MTradecraft has no affiliation with M Holdings. We both just fancy the 13th letter of the English alphabet.

The SEC actions against M Holdings are extremely noteworthy, so let's jump…

Best Practices for Securing a Microsoft 365 Environment

Microsoft 365 sits at the center of most advisory and financial firms’ operations. Email, document storage, identity, collaboration, and authentication all converge there—which makes it one of the most critical…

Cufflinks or Handcuffs: Navigating the New Era of Executive Cybersecurity Liability

For years, cybersecurity was treated as a technical problem—something delegated to IT, managed quietly in the background, and addressed with vague references to “best practices.” I have spent enough time…

Guide to Performing a Cybersecurity Risk and Threat Assessment using Shodan.

Introduction to the Risk and Threat Assessment.

Most SEC-registered firms believe they have a clear understanding of which systems are exposed to the public internet. In reality, many firms do…

New Guide Posted: How to Execute the Cybersecurity Policies & Procedures Manual

I’ve posted a new document to The BrainTrust repository:

“An Overview and Introduction to the MTradecraft Cybersecurity Policies & Procedures Manual.”

This guide is the execution-layer companion to the…

How A Spy Would Conduct a Vendor Due Diligence Analysis for an SEC Registered Firm

Leveraging Open Source Intelligence (OSINT) to Fortify RIA Vendor Oversight:

In the intelligence world, you never rely solely on what a subject tells you.

You validate the story through…

The Future of RIA Operations, IT Infrastructure, and Security...my $0.02.

Over the past year or two-ish, a powerful convergence of forces has quietly — but decisively — reshaped the risk landscape for every RIA and financial institution.

This shift is…

New Cybersecurity Policies & Procedures Template Released — Fully Updated for the 2024 Regulation S-P Amendments

A newly revised Cybersecurity Policies & Procedures Template is now available to all members. This update incorporates the 2024 amendments to Regulation S-P (effective August 2, 2024) and aligns the…

The New SEC Regulation S-P Amendments: What Every RIA Needs to Know

Effective Date: August 2, 2024

Compliance Deadline for Smaller Firms: June 2026

Regulation Applies To: SEC-registered Investment Advisers, Broker-Dealers, Investment Companies, and Transfer Agents

The Full SEC…

Mastering the Cybersecurity Policies and Procedures Manual

This video walks through how we build a cybersecurity Policies & Procedures Manual that not only satisfies today’s regulatory requirements but also anticipates what’s coming next.

Although Rule 206(4)-9 was…

New Compliance Template Available: The Vendor Due Diligence Questionnaire

We’ve added a new Vendor Due Diligence & Risk Assessment Questionnaire to help you streamline one of the most critical parts of your cybersecurity compliance program — assessing the firms…

The SEC RIA Incident Response Plan

New Resource Added: The SEC-Compliant Incident Response Plan Template

We’ve just added a major new resource to your member library — the MTradecraft Incident Response Plan (IRP) Template.

This…

The Unseen Risk of a Stolen iPhone to your Firm's Network

The Single Point of Failure: How a Stolen iPhone Can Unravel Corporate Security

This is information very few want to talk about.

In today's interconnected world, where corporate data is…

Why Email Is Still Broken — and What You Can Do About It

You can use the free MX Toolbox Supertool to check your email records and compare your settings to the recommendations below:

[hidden link]

So what is broken?

Email has been around…