On August 30th, the SEC sanctioned eight firms in three actions for failures in cybersecurity policies and procedures. The investigations revealed:
- Among the eight firms, nearly 200 cloud-based email accounts of firm personnel, representatives, and financial advisors were taken over by unauthorized third parties over the past three to four years.
- The sanctioned firms had all failed to adopt and/or implement proper cybersecurity policies or procedures, resulting in the exposure of clients’ personal information.
- Two of the firms misled their clients by sending out notifications suggesting the breach had only recently been discovered but, in reality, the notifications were sent some time after discovery.
- The firms have each agreed to settle the charges and will pay fines between $200,000 and $300,000.
WHAT DOES THIS MEAN FOR ME?
The failure to adopt and implement policies to mitigate the risk of cybersecurity breaches could put your firm, and your clients, at risk. Kristina Littman, the Chief of the SEC Enforcement Division’s Cyber Unit, indicated that investment advisers and broker-dealers are required to protect client information. She added that establishing the policies alone is not enough; full implementation is a must.
It is important that any compliance gaps in your firm’s cybersecurity policies are addressed and that policies are tailored to the firm’s business practices and implemented in a practical manner.
If your firm requires assistance with implementing cybersecurity programs to comply with industry best practices and regulatory expectations, Fairview Cyber can assist. We support registered investment advisers by creating and implementing comprehensive, sustainable cybersecurity programs with the help of our in-house regulatory experts.
Contact us today for more information about our services.