Mutual Technology & Cybersecurity Minimum Requirements

The information below outlines the minimum technology and cybersecurity requirements for all systems used by associated persons of Mutual Securities, Inc. or Mutual Advisors, LLC (collectively “Mutual Group”).

 

Report all security incidents to Mutual Compliance and Mutual Support immediately.  Here is some guidance on proper incident response.

MINIMUM TECHNOLOGY REQUIREMENTS

Operating Systems

Refer to the OS manufacturer's guides for the most recent releases and compatibility requirements.

At the time of this publication, the following operating systems are supported:

Windows 11 version 23H2 or later; macOS version 12 (Monterey) or later.

 

*Windows 10 will no longer be supported by Microsoft after 10/31/2025

Antivirus Software

Install an antivirus solution with live monitoring and daily scanning.

Firewall

Enable the built-in firewall or implement a commercially available solution at the device level.

Full-Disk Encryption

Use software disk encryption (BitLocker, FileVault, or an equivalent product) with AES-XTS 128-bit encryption or better.

Multi-Factor Authentication

Use Multi-Factor Authentication (MFA) with software or hardware tokens that generate time-based one-time passwords (TOTP). MFA through SMS/text should be avoided as the primary method.

MFA MUST be used for all systems that have access to sensitive, business-related information.

Email Tenant Security Policies

MFA must be enabled for all associated persons, utilizing either conditional access policies or MFA requirements per user.

Smart Lockout should be set up to lock out an account for progressively longer durations after no more than 5 consecutive failed login attempts (risk-based event).

Password Requirements

Passwords must be at least 8 characters long and contain uppercase, lowercase, numeric, and special characters.

It is expected that all associated persons are adhering to these minimum technology requirements at all times. Mutual Group requires that any issues requiring remediation of the system be addressed in a timely fashion, and failure to do so could result in disciplinary action, including fines and/or restrictions on access to Mutual Group systems until the system issues are addressed. Below is additional information on maintaining compliance with our Minimum Technology Requirements.

 

Any of these requirements are subject to change at any time, and if there are any questions about these requirements, please reach out to Mutual Support at support@mutual.group.


System and Software Updates:

  1. Enable automatic updates if not managed at an organizational level to ensure operating systems are up to date.

  2. For updates managed at an organizational level, use the following guidelines:

    1. Severe and Critical security updates should be installed immediately.

    2. Quality updates should be installed no later than 30 days from distribution to the public.

    3. Feature Updates may be deferred following the service timeline provided by the manufacturer.

  3. Keep all applications/software up to date as well as drivers and device firmware.


Encryption and Storage:

  1. Encrypt drives using BitLocker or equivalent and store your recovery key in the cloud, or a secure location not on your device.

  2. Disable/prohibit USB mass-storage devices or require encryption for removable media.


Computer Settings:

  1. Computers should be password protected and require password entry and/or biometric authentication.

  2. Computers should lock after 10 minutes of inactivity (or less) and require authentication to unlock/wake.

  3. Disable notifications and reminders on locked screens.

  4. Use a password manager to store and manage passwords.


Device Protection:

  1. Install Anti-Virus software to detect and block viruses and other malware in real-time and perform regular system scans.

  2. Use software or services to block unsafe content received through e-mail (e.g., phishing attacks) or accessed via web browsers.

  3. Install/enable firewall for computers on all networks.


Backups:

  1. Back up data frequently using both offline and online backup solutions.

  2. External storage devices should be encrypted if used for backup storage.

  3. Test backups periodically to ensure integrity and restorability.