The Securities and Exchange Commission (SEC) has been making cybersecurity a priority in 2015. As part of its cybersecurity oversight, the SEC released observations from recent cybersecurity examinations of broker-dealers and advisors conducted in 2013 and 2014. Likewise, the Financial Industry Regulatory Authority (FINRA) released its own Report on Cybersecurity Practices outlining current risks and best practices to approach cybersecurity in the financial industry.
In its Cybersecurity Roundtable held in 2014, SEC Commissioner Luis A. Aguilar expressed the devastating effect that cyber-attacks and data loss pose to financial institutions, to the economy, to consumers and to investors. The SEC, which was created to safeguard these stakeholders, affirmed its attention to “play a role” in the security of data. In an examination of a SEC sweep of broker-dealers and investment advisors, the SEC released a Risk Alert which provides summary observations from the examinations. Insights from the report include:
FINRA’s much more comprehensive report details cybersecurity threats and how to address them. FINRA’s report looks at some of its findings, but overall spends more time on preparedness. Topics discussed include Governance and Risk Management for Cybersecurity, the importance of Board and Senior Involvement, Effective Cybersecurity Risk Assessment, and the outcome of a Failure to Address Risks.
Some of the top governance or management failures identified in the FINRA Report on Cybersecurity Practices include:
Right now, the financial industry is not subject to specific regulatory guidance, though regulatory bodies have quite a bit of leverage to investigate and fine organizations that do not adequately protect stakeholder data. Without specific written guidelines, financial organizations must take the initiative to ensure data security is made a priority. Organizations should perform a regular risk assessment, maintain a comprehensive data breach response plan, create an ongoing employee security awareness training program, and ensure layered technology solutions are in place to protect data.
FINRA’s report highlights the importance of a layered approach to security planning, one backed up by both policy and employee training and supported with persistence technology. To learn about how to build a layered defense against data breaches, we welcome you to watch our recent webinar on the topic. Contact us to learn how Absolute Software can help your organization navigate the choppy regulatory landscape and to mitigate the ever-increasing data security risks.