On February 3, the Securities and Exchange Commission and Financial Industry Regulatory Authority issued separate publications on cybersecurity risk. The SEC’s risk alert provides summary observations from the SEC’s Office of Compliance Inspections and Examinations based on prior examinations of broker-dealers and investment advisers. These examinations focused on how firms (1) identify cybersecurity risks; (2) establish cybersecurity policies, procedures and oversight processes; (3) protect their networks and information; (4) identify and address risks associated with remote access to client information, fund transfer requests and third-party vendors; and (5) detect unauthorized activity. The SEC also released an investor bulletin that provides guidance to help investors safeguard their online investment accounts. Among other things, the SEC recommends using a strong password and a two-step verification process.
Separately, FINRA released two publications on cybersecurity. FINRA’s cybersecurity report identifies best practices for managing cybersecurity threats based on prior examinations of its member firms. These practices include, among other things, establishing a sound governance framework, utilizing risk assessments and technical controls, developing cyber-incident response plans, and training staff on cybersecurity issues. FINRA also released an investor alert to help investors safeguard their brokerage accounts and financial information.