The US Securities and Exchange Commission (SEC) Division of Investment Management has issued cybersecurity guidance (PDF) to registered investment companies (“Funds”) and registered investment advisers (“Advisers”). The SEC has identify cybersecurity as an issue for both Funds and Advisers.
Both funds and advisers increasingly use technology to conduct their business activities and need to protect confidential and sensitive information related to these activities from third parties, including information concerning fund investors and advisory clients. This guidance update highlights the importance of the issue and discusses a number of measures that funds and advisers may wish to consider when addressing cybersecurity risks. Because of the rapidly changing nature of cyber threats, the Division will continue to focus on cybersecurity and monitor events in this area.
The SEC recommends the following measures in addressing cybersecurity risk:
- Conduct a periodic Security Risk Assessment – which 1) identifies where sensitive information is stored, accessed or processed; 2) identifies threats and internal and external vulnerabilities to the firm’s information and technology systems; 3) identifies existing security measures that are currently in place; 4) determines impact on data and systems if systems were compromised.
- Create a strategy to prevent, detect and respond to cybersecurity threats – measures include 1) controlling access to data and systems; 2) data encryption 3) evaluating the risk of portable media; 4) data backup and retrieval; 5) implementing an incident response plan
- Implement written policies and procedures and training – provide guidance to officers and employees concerning threats and measure to prevent, detect and respond to the threats.
Breach Secure Now!
Breach Secure Now! has built a service to help organizations address cybersecurity risk. Breach Secure Now! includes:
- Annual Security Risk Assessments
- Data Discovery of Personally Identifiable Information (PII)
- Network Vulnerability Scans
- Cyber Liability Calculations
- Written Information Security Policies
- Employee Security Training
- $100,000 of Cyber Protection
- Breach Response Services (Forensics, Breach Counseling, Breach Notification, Credit Monitoring, etc.)
- Third Party Vendor Tracking
- Cloud Based White-Labeled Security Portal
Find out how Breach Secure Now! can help your clients. For more information on our Partner Program visit our website