Financial firms, including broker-dealers and registered investment advisers, are at a high risk of cybersecurity attacks primarily because they control both their own data and the sensitive data related to clients.
Last week we published an article about the SEC’s most recent cyber examinations and risk alerts. The week before we noted in our curated articles that the SEC is focused on oversight of technology vendors (like us). If you still doubt the SEC’s focus on cybersecurity, it’s time for a reality check.
Recent activity by the Securities and Exchange Commission (“SEC”) highlights its continued focus on cybersecurity. In a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), the staff highlighted weak controls related to safeguarding customer information in network storage, including third-party providers.
Do you hate changing passwords? [heads nodding] Does it seem like your company forces you to change your password every other week? [heads nodding; tempers rising] Well, good news: the National Institute of Standards and Technology (“NIST”) says you don’t need to change your password until it is compromised, which is like saying you don’t need to lock your door until a burglar has robbed you. Now isn’t that nice.