SEC and FINRA Issue Cyber Security “Alert”

Thomas Potter, III
Burr & Forman
Contact
LinkedIn
Facebook
X
Send
Embed

The SEC and FINRA each issued February 3 cyber security “alerts” summarizing last year’s sweep exams and pointing out the obvious. In two parts, the SEC’s press-release covered the results of the Commission’s 2013-2014 sweep exams and an investor bulletin. SEC Press Release 2015-20, here.

The Commission’s Office of Compliance Inspections and Examinations (“OCIE”) conducted a “sweep exam” – or wide industry survey on the subject among broker-dealers and investment advisers– during 2013 and 2014. The good news is that a wide majority of them have

have information security policies in place, usually as part of their business continuity plans (“BCP”), based upon recognized industry standards for data-security including encryption and other protections, and engage in periodic risk assessment and testing. In fact, industry-group Securities Industry and Financial Markets Association (“SIFMA”) has conducted two years of “Quantum Dawn” exercises simulating multi-day systemic cyber-attacks in a closed-loop environment to test industry preparedness and response and to inform best practices. See description here and SIFMA offers considerable resources for member firms, here.

The bad news is that most industry respondents report having faced cyber security attacks, ranging from amateurish email scams (“send me my money” phishing or spoofing) to sophisticated network hacks. The greatest observed risk reported is back-door vulnerability through vendors and other providers of whom the industry does not always require downstream compliance.

OCIE’s sweep summary is NSEC National Exam Risk Alert, v. IV, no. 4 (Feb. 3, 2014), here.

FINRA issued its slightly-longer, substantively similar report on its own parallel sweep the same day: “Report on Cybersecurity Practices,” here.

The SEC’s Investor Bulletin was prosaic – but perhaps necessarily so. Its highlights include by-now well-worn tips like:

  • Use “strong” passwords, changed regularly
  • Set up two-step verification
  • Don’t use the same password across multiple accounts
  • Avoid public computers , wireless or other open networks
  • Read your statements.

The Investor Bulletin is here.

FINRA’s parallel alert is here.

 

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Burr & Forman | Attorney Advertising

Written by:

Burr & Forman
Burr & Forman
Contact
more
less

Burr & Forman on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide