Last week, on February 3, 2015, the Securities and Exchange Commission (SEC) published a statement and risk alert addressing cybersecurity risks in the financial system. The alert, aimed at brokerage and advisory firms, provides guidance on how to protect investment accounts and insight gained from previous examinations.
The SEC’s Risk Alert, Cybersecurity Examination Sweep Summary, Volume IV, Issue 4, cites observations collected over the course of more than 100 examinations conducted by the Office of Compliance Inspections and Examinations (OCIE). The survey found that the majority of firms have adequate written information security policies and periodic risk assessments in place. OCIE also reported that more than three-fourths of the firms examined had experienced a recent “cyber-related incident.” Risk policies for vendors and other third parties were a key area of weakness across firms during the OCIE examinations.
The SEC also published an Investor Bulletin with tips to safeguard client data. The recommendations include the use of strong passwords, two-step verification, and caution when using public networks.
The SEC’s publications add to the mounting regulatory effort to bolster cybersecurity protections among key domestic industries, and the vulnerable financial system in particular. SEC Chair Mary Jo White said, “Through our engagement with other government agencies as well as with the industry and educating the investing public, we can all work together to reduce the risk of cyber attacks.”
- SEC Press Release: http://www.sec.gov/news/pressrelease/2015-20.html#.VNjtZEs4Rg0
- SEC Examination Summary: http://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf
- SEC Investor Bulletin: http://investor.gov/news-alerts/investor-bulletins/investor-bulletin-protecting-your-online-brokerage-accounts-fraud