On February 3, 2015, the Securities and Exchange Commission (“SEC”) released two publications addressing cybersecurity at advisory and brokerage firms. The first publication, a Risk Alert, relays the findings from the examinations of more than 100 investment advisers and broker-dealers and focuses on how they: (i) establish cybersecurity policies, procedures and oversee the processes; (ii) identify cybersecurity risks; (iii) protect information and networks; (iv) identify and address the risks associated with funds transfer requests, remote access to client information and third-party vendors; and (v) detect activity that is unauthorized. The SEC’s Office of Investor Education and Advocacy released the second publication which provides tips for investors to better safeguard their online investment accounts. Their recommendations include using a strong password and a two-step verification process.
The SEC’s recent examinations found 93% of examined broker-dealers and 83% of examined investment advisers have adopted cybersecurity policies, though, whereas 89% of the broker-dealers periodically audit compliance with the policies, only 57% of investment advisers conduct periodic cybersecurity compliance audits. The SEC continues to place high importance on cybersecurity and every broker-dealer and investment adviser should ensure they have adequate written policies and procedures in place and test them periodically.