SEC Releases Cybersecurity, Data Loss Best Practices

The report presents observations from exams; mobile security is a big focus.

By Melanie Waddell | January 27, 2020 at 04:02 PM

The Securities and Exchange Commission's (SEC's) exam divisionreleased on Monday a guide to best practices it's observed in examsto combat cybersecurity infractions, data loss, and privacybreaches.

In its 13-page Cybersecurity and Resiliency Observationsreport, the Office of Compliance Inspections and Examinations(OCIE) details practices examiners have observed in the followingareas: governance and risk management, access and controls, dataloss prevention, mobile security, incident response and resiliency,vendor management, and training and awareness.

In sharing the staff observations, OCIE said that it encouragesmarket participants to review their practices, policies, andprocedures with respect to cybersecurity and operationalresiliency.

"We believe that assessing your level of preparedness andimplementing some or all of the … measures will make yourorganization more secure," the report states.

"As markets, market participants, and their vendors haveincreasingly relied on technology, including digital connectionsand systems, cybersecurity risk management has become essential,"the report adds.

"Indeed, in an environment in which cyber threat actors arebecoming more aggressive and sophisticated—and in some cases arebacked by substantial resources including from nation-stateactors—firms participating in the securities markets, marketinfrastructure providers, and vendors should all appropriatelymonitor, assess, and manage their cybersecurity risk profiles,including their operational resiliency."

In the area of mobile security, for instance, "mobile devicesand applications may create additional and unique vulnerabilities,"the report notes.

OCIE has observed the following mobile security measures atorganizations utilizing mobile applications:

Policies and procedures. Establishing policies and procedures for the use of mobiledevices.
Managing the use of mobiledevices. Using a mobile device management(MDM) application or similar technology for an organization'sbusiness, including email communication, calendar, data storage,and other activities. If using a "bring your own device" policy,ensuring that the MDM solution works with all mobile phone/deviceoperating systems.
Implementing securitymeasures. Requiring the use of multi-factorauthentication for all internal and external users. Taking steps toprevent printing, copying, pasting, or saving information topersonally owned computers, smartphones, or tablets. Ensuring theability to remotely clear data and content from a device thatbelongs to a former employee or from a lost device.
Training employees. Training employees on mobile device policies and effectivepractices to protect mobile devices.

From: ThinkAdvisor

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
Exclusive discounts on ALM and Treasury & Risk events.
Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.

NOT FOR REPRINT

Melanie is senior editor and Washington bureau chief of ThinkAdvisor. Her ThinkAdvisor coverage zeros in on how politics, policy, legislation and regulations affect the investment advisory space. Melanie’s coverage has been cited in various lawmakers’ reports, letters and bills, and in the Labor Department’s fiduciary rule in 2023. In 2019, Melanie received an Honorable Mention, Range of Work by a Single Author award from @Folio. Melanie joined Investment Advisor magazine as New York bureau chief in 2000. She has been a columnist since 2002. She started her career in Washington in 1994, covering financial issues at American Banker. Since 1997, Melanie has been covering investment-related issues, holding senior editorial positions at American Banker publications in both Washington and New York. Briefly, she was content chief for Internet Capital Group’s EFinancialWorld in New York and wrote freelance articles for Institutional Investor. Melanie holds a bachelor’s degree in English from Towson University. She interned at The Baltimore Sun and its suburban edition.

1 Understanding the Cost of Hedging

2 Banks Turn to Biometrics

3 7 Steps to Create a Risk-Aware Culture

4 Accelerate Pay by Synovus Bank: Easier payments, with the flip of a switch

5 JPMorgan Chase Sued over Data Breach That Exposed 450K Retirement Plan Participants

Consulting
Consulting Top Consultants 2024
June 27, 2024 - New York

Consulting Magazine identifies consultants that have the biggest impact on their clients, firms and the profession.
More Information
Real Estate
GlobeSt. Women of Influence (WOI) 2024
July 22, 2024 - Lake Tahoe

GlobeSt. Women of Influence Conference celebrates the women who drive the commercial real estate industry forward.
More Information
Consulting
Consulting Best Firms to Work For 2024
September 12, 2024 - New York

Consulting Magazine identifies the best firms to work for in the consulting profession.
More Information

eBook

Treasury & Risk

Don’t miss crucial treasury and finance news along with in-depth analysis and insights you need to make informed treasury decisions. Join Treasury & Risk now!

Free unlimited access to Treasury & Risk including case studies with corporate innovators, informative newsletters, educational webcasts, and resources from industry leaders.
Exclusive discounts on ALM and Treasury & Risk events.
Access to other award-winning ALM publications including PropertyCasualty360.com and Law.com.

Already have an account? Sign In Now

Instant Insights /

SEC Releases Cybersecurity, Data Loss Best Practices