The SEC’s Office of Compliance Inspections and Examinations issued a risk alert about recent ransomware attacks and offered some best practices for smaller firms for dealing with ransomware incidents. We recommend
Based on a recent review of 75 registrants, the OCIE recommends that firms perform a cyberrisk assessment, conduct penetration and vulnerability tests, and ensure software maintenance, including adequate software patches.
The OCIE staff also stressed the importance of developing a “rapid response capability” after it found widespread deficiencies among advisors during its review: 57% did not conduct penetration and vulnerability testing and 26% did not conduct periodic risk assessments of critical systems.

Cybersecurity has become one of the most significant compliance issues facing investment management firms. CCOs and their bosses must take action to address outside threats.
If employees are not properly trained, no amount of spending can prevent a breach, according to cybersecurity expert Jonathan Hard.
February 27
High-value targets include client names and account numbers. Protecting the information can also protect an advisory practice from regulatory penalties.
January 4
In 2016, the SEC brought a record 868 cases, including 173 against broker-dealers and advisers and 159 against investment companies.
May 16