Cybersecurity Is MORE Than Just Policies

Cybersecurity is of ongoing concern to every single one of us.

It’s become such a concern for big tech companies that every time they create new technology, they pay skilled professionals to hack it as many times as possible so they can learn the flaws before it goes to market.

But what about companies that aren’t large tech companies?

What happens when you don’t have the IT expertise to preemptively control hacking?

Recently, the SEC has fined 8 independent firms in 3 separate actions for breaches of cybersecurity, specifically for deficient cybersecurity procedures.

The 8 firms were fined for failures in their cybersecurity policies and procedures that resulted in email account takeovers, exposing the personal information of thousands of customers and clients at each firm.

The firms have agreed to settle with fines totaling approximately $750,000.

The largest of these breaches spanned 3 years, and it has been noted that while policies were updated, they were not fully implemented. Similar patterns were noticed across the other firms as well, where policies and procedures were not adopted after being updated.

"Investment advisers and broker dealers must fulfill their obligations concerning the protection of customer information," said Kristina Littman, Chief of the SEC Enforcement Division's Cyber Unit. "It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks."

So what can you do to make sure your cybersecurity protocols and procedures are compliant?

  1. Make sure changes to protocols are rolled out across the firm: It’s one thing to submit policy changes; it’s another to have them enacted. This was the main reason that the SEC has fined these companies. Even though their policy looked good on paper, it was not followed in a way that allowed for the safeguarding of customers' private information.
  2. Let your customers know: One of the things you must do in case of a breach is let the affected customers and investors know. Keeping this a secret could also get you in trouble with regulatory bodies like the SEC.
  3. Get In Contact With The Professionals: To make sure you aren’t about to receive a fine from a regulatory body, you should get in touch with the experts. Whether you are in the middle of an arbitration claim or simply want to check your compliance practices, My RIA Lawyer specialises in keeping RIA and brokerage firms out of trouble.

For more information on this specific case view the story HERE.

