John Reed Stark

  • Blog

    Some key cyber-security tips for financial firms


    As the SEC and FINRA are taking cyber-security much more seriously, John Reed Stark outlines a few ways in which financial firms can also do more to protect their data.

  • Blog

    There simply are not enough cyber-security specialists


    Companies need to get much more aggressive when it comes to recruiting the right talent to head their cyber-security efforts, writes John Reed Stark.

  • Blog

    Cyber-security due diligence: a new imperative


    Weak cyber-security is as much a hallmark of corporate mismanagement as poor corporate governance, bad tone from the top, and check-the-box compliance. But by taking the due diligence aspects of cyber-security seriously, compliance officers can turn data protection into an opportunity. John Reed Stark has more.

  • Blog

    Avoiding Vanguard’s cyber-security stumble


    A recent incident at Vanguard in which the company unintentionally sent 71 e-mails pertaining to different customer transactions to a random Vanguard customer triggered a flawed response from the company that demonstrates how SEC-registered entities can underestimate just how difficult it is to manage customer data-related predicaments. CW’s John ...

  • Blog

    The SEC’s Newly Proclaimed Search Warrant Authority


    The Securities and Exchange Commission has broad subpoena powers that this dedicated corps of highly credentialed professionals—inspired by a noble sense of mission, and rich with a long history of investor advocacy—tries to use in the best way possible. But when it comes to issuing subpoenas for electronic storage devices, ...

  • Blog

    What Makes a Good ‘Pen Tester’


    Penetration testing is the exercise of testing a company’s cyber-security defenses, and finding the right “pen tester” to do that can be difficult. Learn how to find the right blend of capable, trustworthy, and innovative cyber-security professionals. More inside.

  • Blog

    Transforming the Cyber-Security Paradigm


    Though data breaches are inevitable, companies still remain too focused on fortification rather than response, failing to adapt to the harsh realities of rapidly emerging international and multifarious cyber-security threats. Inside, columnist John Reed Stark recommends a three-step cyber-security transformation for companies to undertake to combat recent rapidly evolving cyber-dangers.

  • Article

    SEC Pushes New Limits on Cyber-Security, Securities Fraud


    Another byproduct of life in the cyber-security age: The SEC is redefining insider trading to focus more on improper trading, even if you are a thief mining a company for inside information without actually working there. The misconduct—called, yes, “outsider trading”—seems to be an SEC-enforceable offense so far, and it ...

  • Article

    The Workflows You Need to Use After a Data Breach


    Compliance officers have enough scrambling to do after a data breach. Not understanding the steps to take, or not being in proper position to take them, only makes matters worse. Inside, guest columnist John Reed Stark walks through all the steps your company needs to take—including those to take before ...

  • Article

    Preparing Your Board for Cyber-Security Oversight


    Every board knows its company will fall victim to a cyber-attack and, worse, that the board will need to clean up the mess and superintend the fallout. This week, guest columnist John Stark, a long-time student of cyber-security risks, breaks down the fundamentals any board must establish for cyber-security, and ...