The SEC recently announced its first cybersecurity enforcement against an investment advisor that failed to have sufficient safeguards in place to protect its clients’ data. This action underscores the SEC’s new commitment to enforcing cybersecurity compliance, as well as the need for companies, especially investment firms, to have cybersecurity best practices in place.
The SEC charged the investment advisor for failure “to conduct periodic risk assessments, implement a firewall, encrypt PII [personally identifiable information] stored on its server, or maintain a response plan for cybersecurity incidents.” The company had stored sensitive PII of its clients and others on its third-party-hosted web server from September 2009 to July 2013. The server was then attacked in July 2013, compromising the data of more than 100,000 individuals and making them vulnerable to theft.
So far, none of the advisor’s clients, or the other individuals whose data was on the server, has experienced financial harm as a result of the hack.
However, the firm was fined $75,000 because of a due diligence failure to protect client records and information.
Marshall Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit, stated that, “As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients.” This involves the adoption of written policies and procedures designed to protect private information, as well as having clear action plans in place for when a breach occurs.
The SEC also recently published an alert advising investors on what to do if they become victims of a data breach. The agency is also reported to be considering a plan that would require companies to disclose cybersecurity vulnerabilities.
In the meantime, as high-profile breaches continue to occur and be reported in the news, the SEC will be increasing scrutiny of firms that do not have appropriate cybersecurity measures in place.