Cybersecurity Programs Remain a Priority in 2018

Cybersecurity programs remain a significant priority for financial services industry regulators, including the SEC, FINRA, and state securities regulatory agencies. As mentioned in FINRA’s 2018 Annual Regulatory and Examination Priorities Letter, member firms need to have cybersecurity programs in place, and such programs must be capable of protecting sensitive information, including personally identifiable information of clients, from both internal and external threats. Over the past couple of years, awareness of cybersecurity risk has increased dramatically. However, as awareness increases, so does the sophistication of cybersecurity threats. Even a robust cybersecurity program can be compromised by something as simple as an employee opening an email attachment that contains malware. So, what can a firm do to combat phishing and spearphishing attacks, ransomware attacks, fraudulent third-party wires, etc.?

Cybersecurity Breaches: Post SEC & Equifax Hacks, Firms Should Revisit Their Cybersecurity Program

Recently, two major cybersecurity breaches have been in the news, and both have been very unsettling for many Americans. First, Equifax, one of the nation’s largest credit bureaus, was hacked, exposing 143 million people’s financial data. Second, the Securities and Exchange Commission’s (“SEC”) EDGAR filing system was hacked, and it is believed that the hackers made off with information that was used to make money illegally in the stock market.

SEC Issues Ransomware Risk Alert Highlighting Cybersecurity Best Practices

The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently published a Risk Alert pertaining to “WannaCry,” the ransomware worm that infected hundreds of thousands of computers in over 150 nations in May 2017. WannaCry infects computers with malicious software that encrypts users’ files and demands payment to regain access to the data. The alert provides cybersecurity best practices, including a new initiative towards “rapid response” methods that firms should use to respond to cybersecurity challenges. It also describes factors that firms may consider to (1) assess their supervisory, compliance and/or other risk management systems related to cybersecurity risks, and (2) make any changes, as may be appropriate, to address or strengthen such systems.

Cybersecurity for Broker-Dealers

As technology continues to advance and broker-dealers become increasingly dependent on it, the topic of cybersecurity has been pushed to the forefront in the financial industry. The nature of the industry requires broker-dealers to maintain records of sensitive client information including, but not limited to, the following: account numbers, social security numbers, licenses, and financial condition. If any of this information is compromised by an outside source, not only will the investor suffer, but the broker-dealer may also suffer.