In recent months, the increase in high-profile cyber-attacks has not only undermined investor confidence but has also rattled the industry. The U.S. Securities and Exchange Commission (SEC) has responded with a pledge to review and consider significant changes in cybersecurity and privacy reporting requirements for stock exchanges, public companies, and financial advisers.
The pledge emphasizes the SEC’s Division of Examinations’ focus on a firm’s cybersecurity risk management policies and procedures. Its areas of interest include governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.
The SEC is striving to be proactive in its efforts to thwart cybercrime because bad actors are constantly finding new ways to circumvent and attack existing systems. Firms that can withstand the SEC’s diligent scrutiny of cybersecurity policies and procedures are those whose compliance personnel conduct frequent risk assessments to protect against the threat posed by the increased number and sophistication of cyberattacks.
To avoid the dangers of complacency, consider how you’d answer the following questions.
- Has senior management followed the SEC’s lead and made cybersecurity a high priority?
- How often do you perform thorough cybersecurity risk assessments?
- When was the last one?
- In the past year, has your firm discussed the need to allocate more resources to safeguard clients against cyber threats?
- How confident are you that your written cybersecurity policies and procedures meet or exceed all state and federal regulatory requirements?
- When was the last time you held training sessions for employees on how to identify phishing and other fraudulent online activity?
Core Compliance Can Help
While these questions provide a solid starting point for reviewing vulnerable areas within your firm’s policies and procedures, engaging a third-party compliance partner can be beneficial when addressing the areas that need change.
The team at Core Compliance has extensive experience working with firms to assess their current cybersecurity program, identify risks and gaps, and help implement appropriate procedures and controls. For assistance, please contact us here or call us at (619) 268-0020.