FINRA has published cybersecurity guidance for all its member firms.  See

In particular, FINRA is indicating that it wants its member firms to bolster their cybersecurity regimes, and limit both internal and external threats.  The FINRA report also provides a number of resources for firms in applying this guidance.

Please make no mistake about this report.  FINRA is not doing it out of the “goodness of its heart;” instead, member firms should assume FINRA will use this report to bludgeon member firms, who have cybersecurity issues in the future.  That is, member firms should work with counsel to ensure that they have the appropriate cybersecurity policies and procedures in place before FINRA “comes a knockin!”