No data is more sensitive than financial records. If you’re an organization that handles personal or corporate financial information, you know already that even a minor security breach can cause serious reputational damage and loss of customer confidence.
In recent years, the U.S. Securities and Exchange Commission (SEC) has taken a more active role in regulating data privacy for brokers, investment advisors, private fund managers and other organizations under its purview. Compliance with SEC standards may seem like an additional hassle, but if done correctly, it can form the basis of an enhanced security posture. Ultimately, when more organizations adopt best practices for data privacy compliance, it strengthens the industry as a whole.
Keep reading to learn more about what’s involved in SEC security compliance and how Vigilant Compliance can help.
SEC Rules for Cybersecurity
In March 2014, the SEC held its inaugural Cybersecurity Roundtable, in which it identified several best practices for network security risk assessment and mitigation. Specifically, it stated that all organizations should:
- Have a formal response plan in place for dealing with data breaches and other network security incidents.
- Conduct regular penetration testing, and then use the results to identify security weaknesses and make infrastructural improvements.
- Identify and prioritize sensitive data and implement appropriate access controls.
- Treat security as an industry-wide concern and make intelligence sharing a priority.
Ultimately, the goal of these recommendations was to encourage organizations to be more proactive about cybersecurity. Every year since, cybersecurity has been included on the SEC Office of Compliance Inspections and Examinations’ (OCIE) annual list of priorities.
SEC Cybersecurity Risk Guidelines for 2016: What You Need to Know
The most recent list of OCIE priorities was published in January 2016. In it, the office highlights the importance of building a robust security infrastructure that can respond to evolving threats. It expands requirements for risk assessment and program monitoring as part of SEC security compliance, establishing clearer benchmarks for meeting these obligations. Other issues covered in the update include:
- The fundamental role of knowing where, how and why sensitive consumer data is stored.
- The need for written policies and employee training that ensure guidelines are properly and systematically followed by all staff.
- The importance of investigations into evolving external and internal threats.
As SEC cyber risk guidelines continue to expand, there will be a clear need for organizations to seek outside expertise when setting priorities and making decisions about how they protect their data. That’s where Vigilant Compliance comes in.
Proactive SEC Cybersecurity Consulting
SEC guidelines address areas of concern to any financial organization, including network and information protection, managing risks around remote customer access, fund transfer requests and third-party vendors, unauthorized activity detection and more. Staying compliant with SEC standards is not just a requirement for doing business. It can also be a way of positioning yourself to serve your clients and other stakeholders in a more secure manner.
Vigilant Compliance offers dedicated SEC cyber risk assessment services that ensure your bases are covered when it comes to staying compliant with the latest OCIE guidelines. The SEC updates its rules regularly, and as a result, meeting the most recent requirements can be a challenge, even for organizations with their own internal cybersecurity department.
Our experts will work with the resources you have on hand to ensure the path to SEC compliance is simple and straightforward. We are an experienced consultant to the investment management industry, and, since 2014, we have been a leader in the field of SEC network security compliance consulting. Working with SSD Technology Partners, we help mutual funds and investment advisors establish policies and procedures for staying compliant with all SEC guidelines.
To find out what we can do for you, contact our office today.