FINRA Compliance with FileCloud
FINRA (the Financial Industry Regulatory Authority) rules serve as a guideline for the financial industry, detailing the specific policies that its members must follow and the information they need to collect, maintain, and protect.
FINRA enforces compliance with record-keeping rules, including SEC books, record rules applicable to broker-dealers, and Municipal Securities Rulemaking Board (“MSRB”) record-keeping rules. These regulations aim to provide regulators and investors quicker, faster, and more secure access to critical information to protect investors’ and stakeholders’ information and interests.
These rules broadly try to cover the following areas of threats and process
- Identify and assess cybersecurity threats;
- Protect assets from cyber intrusions;
- Detect when their systems and assets have been compromised;
- Plan for the response when a compromise occurs; and
- Implement a plan to recover lost, stolen, or unavailable assets.
Features offered by FileCloud for FINRA
The five core sections of the checklist follow the NIST Cybersecurity Framework: Identity, Protect, Detect, Respond, and Recover.
- Identify – Do you store or use PII like social security numbers, date of birth, etc for your business? FileCloud will help you access and identify these risk inventories with the metadata tags and federated search. So you can monitor and restrict the use of this data with the unauthorized entity.
- Protect – Protect your sensitive data with end to end encryption, antivirus, and ransomware protection. You can also restrict the sensitive data for authorized personnel only with the help of FileCloud
- Detect – FileCloud keeps track of complete audit logs (what, when, who, where, and how). Receive detailed share analytics and logs of file uploads, downloads, deletions, and previews. Audit logs can be searched based on keywords.
- Respond – FileCloud can help you protect file records from accidental deletion and corruption. If a user deletes any sensitive files, FileCloud can be configured to send email alerts to administrators and supervisors.
- Recover – FileCloud features the most robust data storing, archiving, and retrieving settings in the industry, enabling customers and solution providers in creating a compliant-ready enterprise file access and sharing solution.
FileCloud helps you with addressing these rules with the following features
Ability to allow only private shares
File sharing allows users to provide public or private access to files stored in FileCloud Server with various levels of access privileges.
To control how users share files and folders in ways that are appropriate for your organization, administrators configure the following options:
- You can choose to allow or restrict file sharing for all accounts in FileCloud
- When a user wants to share a file or folder, administrators can decide which options should be automatically chosen.
- Administrators can configure FileCloud to allow sharing to happen for a temporary time or allow shares to existing as long as the file or folder exists
- Instead of just communicating the most secure sharing procedure to your users, administrators can configure settings in FileCloud Server to automatically require passwords and hide the display of account names that can be used for attacks.
Data and file backups
You can use the FileCloud Backup Server to create a copy of an entire server installation.
The backup includes:
- audit logs
Federated search capabilities
As an administrator, you may need to find a file or folder quickly in a large data set.
- FileCloud supports searching the entire FileCloud system for files and folder with the Federated Search feature.
- The search may be a regular file or folder name search
- For full content search, configure content search
Recycle bin capabilities
If you had accidentally deleted file/folder, you can recover it from the deleted files link. The deleted files section acts as a recycle bin to store the files that are deleted. The administrator must have enabled this feature to send the deleted files to recycle bin if not the files will be permanently deleted. To recover the deleted files you can move cut from the deleted files and paste to the location where the file must be restored.
Anti-virus and ransomware protection
You must address virus scanning as it is a critical security feature, especially when file storage is involved.
- FileCloud allows users to upload files with arbitrary content.
- It is of utmost importance to make sure that the uploaded files are checked for malicious content in the form of viruses, trojans, malware, etc.
- FileCloud readily integrates with a variety of non-commercial and commercially licensed antivirus solutions available in the market.
You can configure FileCloud to scan uploaded files in the following ways:
- Use ClamAV, opensource antivirus software that is included with FileCloud
- Use ICAP to integrate your own choice of antivirus scanning software with FileCloud
FileCloud protects the confidentiality and integrity of your files in transit and at rest.
- AES 256-bit encryption to store files at rest.
- SSL/TLS secure tunnel for file transmission.
- Site-specific, customer-managed encryption keys in a multi-tenant setup.
Ability to set retention policies
As an administrator, you can create Retention policies to automate some of the processing related to protecting files and their folder groupings. This policy-based automation is designed to help secure digital content for compliance, but it can also enhance the management of digital content for other business reasons.
- Retention policies are created and attached to files and folders.
- These special policies allow you to define the conditions that enforce a set of restrictions on how each file or folder can be manipulated.
- For example, you can create a Retention Policy that disables a user’s ability to delete any of the files and folders named in the policy.
A new built-in metadata set called Document Life Cycle contains a CheckSum attribute that provides a unique fingerprint for every file.
CheckSum: File SHA256 Fingerprint
The SHA256 Fingerprint:
- Is a unique text string generated by the SHA-1 hash algorithm.
- It is a standard for the implementation of a secure hash algorithm.
- It is a one-way hashing function that can be used to act as a signature of a sequence of bytes.
While multiple files can have the same size and the same name, there is only one unique HASH for every file.
- A new SHA256 fingerprint is generated every time a file is changed (uploaded, edited, renamed)
- The CheckSum is shown for every file in the User Portal on the Metadata tab
- You can use the hash to compare the integrity of the file downloads. This is a standard way to verify a file.
This feature was added to help you know for sure, and be able to prove when a user has shared a specific restricted file
Preservation of audit logs
As an administrator, you can use audit logs to quickly see what has changed on your FileCloud Server site, such as:
- Were any new accounts created recently
- How many clients are logged in
- What are users commonly searching for on the site
- How many files are being uploaded and downloaded