Cybersecurity: A Question of When, Not If, Your Company will Fall Victim

Feb 20, 2020 1:30:00 PM

Financial firms, including broker-dealers and registered investment advisers, are at a high risk of cybersecurity attacks primarily because they control both their own data and the sensitive data related to clients. In an effort to educate broker-dealers about cyber best practices, FINRA published their Report on Selected Cybersecurity Practices - 2018 in December 2018. In this report, FINRA...

Overhaul Your Privacy Policy, Part 2: Elements of a good privacy policy

Jan 24, 2020 1:00:00 PM

Like most legal documents, privacy policies are fairly bland, and, let’s be honest, few people read them. But the recent enactment of the California Consumer Protection Act (“CCPA”) has Joot fielding privacy policy questions from clients and service providers alike. In our previous post - Is it time to overhaul your privacy policy and notice? - we discussed whether your firm must comply with the ...

Is it time to overhaul your privacy policy and notice?

Jan 10, 2020 10:45:00 AM

California recently passed amendments to the California Consumer Protection Act (“CCPA”), which took effect on January 1, 2020! Under the CCPA, investment advisers that are located in or have clients in California may need to update their privacy policy and notices to comply with the new law. For a deeper discussion of the new law, I recommend Morgan Lewis’ LawFlash updates from July and September...

More Summer Reading

Jun 20, 2019 9:28:20 AM

Last week we published an article about the SEC’s most recent cyber examinations and risk alerts. The week before we noted in our curated articles that the SEC is focused on oversight of technology vendors (like us). If you still doubt the SEC’s focus on cybersecurity, it’s time for a reality check. SEC News Chairman Clayton just hired badass (because anyone who spends 30 years in the CIA has to ...

SEC Cyber-Probe: Round 3

Jun 13, 2019 2:30:00 PM

Recent activity by the Securities and Exchange Commission (“SEC”) highlights its continued focus on cybersecurity. In a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), the staff highlighted weak controls related to safeguarding customer information in network storage, including third-party providers. As noted in the Risk Alert, some investment advisers and...

If you hate changing your password, then read this article!

May 30, 2019 8:40:00 AM

Do you hate changing passwords? [heads nodding] Does it seem like your company forces you to change your password every other week? [heads nodding; tempers rising] Well, good news: the National Institute of Standards and Technology (“NIST”) says you don’t need to change your password until it is compromised, which is like saying you don’t need to lock your door until a burglar has robbed you. Now is...