At the end of last month, the SEC provided a guidance update on cybersecurity for registered investment companies and registered investment advisors. This guidance is equally instructive for broker-dealers and registered representatives.
Cyber threats are numerous and ever-changing with technology. The SEC provided the guidance to highlight the importance of having a robust cybersecurity program, because failing to have one is just too risky for you and your clients.
The SEC identified a number of things that firms can do to make sure that they have an adequate cybersecurity program. These include, among others, the following:
- Periodic assessments of (1) the nature, sensitivity and location of information the firm collects; (2) internal/external threats; (3) current security processes and controls; (4) the potential impact of a compromise; and (5) the effectiveness of firm governance over cybersecurity.
- Creation of a cybersecurity strategy designed to prevent, detect and respond to the threats associated with cybersecurity.
- Implementation of the strategy through written policies and procedures and training that provide guidance, from the top to the bottom of the corporate tree, concerning threats and the measures designed to prevent, detect and respond to such threats.
Teenagers playing on their computers are not the only threat to a firm’s systems. Organized crime and foreign nations are engaged in this industry as well. Assess your cybersecurity systems on a regular basis throughout the year, consistent with the SEC’s guidance, and don’t be a victim.