BlueJeans Blog

FINRA Cyber Security Compliance with BlueJeans

This month in 1792, the New York Stock Exchange (NYSE) was founded when 24 stockbrokers signed what was aptly named the “Buttonwood Agreement” on Wall Street for reportedly conducting the meeting beneath a Buttonwood tree. While mostly governmental securities, such as War Bonds from the Revolutionary War and First Bank of the United States, these earliest securities set the stage for world economic growth.  

To ensure consumer safety in trading, the U.S. Securities and Exchange Commission (SEC) was founded in 1934 to make and enforce the rules for securities markets in the US. Those wo work in the security space are well versed in the many rules and regulations set forth by the SEC and other governing bodies. But I understand how confusing it can be for those not living and breathing the world of trading and markets—so let me help break it down.

The SEC delegates most of its enforcement and rulemaking authority to FINRA. Short for Financial Industry Regulatory Authority, FINRA is an independent regulatory body that promotes investor protection. As part of formulating and enforcing rules governing registered brokers and broker-dealer firms in the United States, FINRA also publishes Cybersecurity measures to be followed by Financial Institutions (FIs).

While it can seem overbearing, the rules set in place are meant to protect and keep investor confidence high by enhancing the integrity, efficiency and competitiveness of the financial markets.

At BlueJeans, the happiness and safety of our customers comes first—which is why we implement stringent security controls within our product to protect both our customers. For example, BlueJeans has been SOC 2 compliant for the past 5 years, is GDPR compliant and is preparing for ISO 27001 certification.

SOC 2 is an auditing procedure that ensures SaaS providers are securely managing customer data in order to protect the organization’s interests and the privacy of its clients. SOC 2 compliance is important for data safeguarding and should always be considered when evaluating a SaaS company.  

Similarly, the General Data Protection Regulation (GDPR) is a recently established regulation in European Union (EU) law on data protection and privacy for every EU citizen and those within the European Economic Area—meaning companies working within EU borders must be explicit about how they’re collecting, sharing and using personal data.

As the only auditable international standard that defines the requirements of an information security management system (ISMS), ISO 27001 certification helps organizations keep information assets secure. These policies, procedures, processes and systems are meant to manage information “risks” like cyberattacks, hacks, data leaks and theft.

Providing Compliance Peace of Mind
Customers in highly regulated industries, such as finance, can rest easy knowing BlueJeans will keep them in compliance while fulfilling their video conferencing and livestream needs.

“We have used BlueJeans Events 2 years running for our Annual Investor Conference. This year we expanded to allow all employees to connect. We wanted an employee to be able to watch the Investor Conference Broadcast no matter where they were. The feedback we received was positive across the board. We were extremely happy with the outcome.” – IT Vice President, Financial Services Company

To start, financial institutions can set the data retention requirement for a minimum of six years—with the first two years of data being easily accessible online. Data within the BlueJeans application is also minimal and includes only personal information pertaining to meeting attendees, meeting call detail records and recordings of meetings (if any). BlueJeans also encrypts data at rest and in transit for confidentiality and maintains a backup copy of the data for high availability.

Whether Financial Institutions use BlueJeans video conferencing to conduct business within their organization, or with customers, they’ll always be FINRA compliant. BlueJeans has implemented several security controls to safeguard customer records and information, as well as the disposal of consumer report information. These measures include:

  • Requiring only minimal personal information from users for using the video conferencing service, protecting access to that information using authentication, role-based access and encryption at rest, in transit and at use. All data changes are logged.
  • Financial institutions can set policies on data retention, deletion and sharing on recorded meeting content.
  • BlueJeans limits the information collected only for the purpose of providing the video conferencing and does not retain the data any longer than necessary.

Finally, BlueJeans includes the following fraud detection and prevention mechanisms within our service to detect identity theft issues while logging in or joining meetings:

  • Users and administrators will be notified of repeated login and meeting join failures.
  • Financial Institutions can set their own policies regarding the use of chat and recording to mitigate against accidental sharing of sensitive information such as account information, SSN or other personal information.
  • They can also limit the amount of personal information collected for their own users and their customers by requiring only the first name, last name and email address. Invitees can then join meetings with just a friendly display name.

Additional safeguards such as requiring a moderator to start a meeting, using passcodes for the moderator and attendees, and “locking” the meeting to specific users can be utilized for better meeting security.

Your security is important, and it matters to us as much as it does to you. We’ll be happy to share the policies and practices on technology governance, system change management, risk assessments, technical controls, incident response, vendor management, data loss prevention, and staff training for your review.

For more information, check out our Network Security & Privacy  and Trust Center pages, and sign up for your free 30-day trial today.