The SEC’s Office of Compliance Inspections and Examinations issued a risk alert about recent ransomware attacks and offered some best practices for smaller firms for dealing with ransomware incidents. We recommend reviewing the agency's recent alert, as well as its 2014 guidance,

Based on a recent review of 75 registrants, the OCIE recommends that firms perform a cyberrisk assessment, conduct penetration and vulnerability tests, and ensure software maintenance including adequate software patches.

The OCIE staff also stressed the importance of developing a “rapid response capability” after it found widespread deficiencies among advisors during its review: 57% did not conduct penetration and vulnerability testing and 26% did not conduct periodic risk assessments of critical systems.

Cybersecurity has become one of the most significant compliance issues facing investment management firms. CCOs and their bosses must take action to address outside threats.

Register or login for access to this item and much more

All Financial Planning content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access