The LeGaye Law Firm Shares Best Practices in Light of Targeted Sweep Exams on Cybersecurity Being Coordinated Between CFTC, SEC and FINRA


In a world where our daily lives have become increasingly dependent on technology, combating security breaches and cyber-attacks has become a priority for regulators in all industries, including the financial services industry. The safeguarding of sensitive confidential customer and employee information has become crucial as cyber-attacks have increased dramatically in their sophistication and ability to wreak havoc on the operations, economic viability, and reputation of the public, private, and even non-profit sectors.

"Cybersecurity will result in significant regulatory oversight in the financial industry in the next 2 years." - Dan LeGaye

With this in mind, The LeGaye Law Firm has provided an overview of preliminary steps to achieving and maintaining an increased level of cybersecurity.
Registered investment advisers and broker-dealers must implement a systematic approach to identifying areas of security vulnerability.

Step 1 - Create a detailed inventory of your firm’s devices and systems, including software and applications, and catalogue the firm’s network connections from external sources. It is very important to know how your customers’ data flows through the organization and the points (both internal and external) at which the information might be susceptible to a breach.

Step 2 - Make sure that the firm’s resources are protected in proportion to the sensitivity of the information stored. Ensure all devices, systems and applications have both restricted access and strong password protection.

Step 3 - Perform regular risk assessments, at least annually, to identify potential new cyber threats and address any vulnerabilities in your firm’s current security systems. Risk management processes should incorporate the recommended standards set by the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO).

Step 4 - Appoint a person to oversee the cybersecurity process, including the annual assessment, restricting access to sensitive data and risk management tools to appropriate personnel, and overseeing the training and education of all staff members and customers in identifying and reporting potential security breaches.

Step 5 - Encryption is now commercially available and should be used whenever customer, employee or other confidential data is transmitted electronically. Where that is not possible, confidential data should at least be redacted from documents and/or the documents should be password protected.

Step 6 - Update policies and procedures to specify who will be granted access privileges, which resources will be accessible to each business function, and the process for changing and/or removing access when an individual is transferred or terminated.

Step 7 - Schedule regular system updates, including software patches that improve security, protection of internet-facing functions, and reviews of third-party systems and service providers. Separate security protocols should be in place for removable media and mobile devices as well.

We all have a responsibility to our customers to provide a secure and well-maintained business environment. While these best practices can be used as a guide, they do not account for all the fast-growing, ever-changing, and increasingly sophisticated cyber threats that we see being unleashed on unsuspecting businesses and their customers. Stay alert! If something seems suspicious, it probably is.

Contact Author

Daniel E. LeGaye
Michael R. Schaps
The LeGaye Law Firm PC