On February 3, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert that contains observations based on examinations of more than 100 broker-dealers and investment advisers. The examinations focused on how these firms:
-
Identify cybersecurity risks
-
Establish cybersecurity policies, procedures, and oversight processes
-
Protect their networks and information
-
Identify and address risks associated with remote access to client information, funds transfer requests, and third-party vendors
-
Detect unauthorized activity
A second publication, an Investor Bulletin issued by the SEC’s Office of Investor Education and Advocacy (OIEA), provides core tips to help investors safeguard their online investment accounts, including:
-
Pick a “strong” password
-
Use two-step verification
-
Exercise caution when using public networks and wireless connections