The Securities and Exchange Commission has sanctioned eight firms for failures in their cybersecurity policies and procedures that resulted in email account takeovers exposing the personal information of thousands of customers and clients at each firm.
The firms agreed to pay hundreds of thousands of dollars in penalties to settle charges. All were Commission-registered as broker dealers, investment advisory firms, or both.
The SEC’s orders against each of the firms find that they violated Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which is designed to protect confidential customer information. The market watchdog has brought charges against these entities for multiple regulatory violations and penalized them as follows: Cetera Entities, $300,000; Cambridge, $250,000; and KMS, $200,000.
“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit, said. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”
Firms should use these cybersecurity solutions to ensure they are properly protecting the personal information of their clients:
- Multi-factor authentication (MFA)
- Security awareness training / Phishing training & testing
- Complex passwords
- Enhanced email security
- Azure AD Premium P1 & P2
We want to remind all business owners to take the protection of their data seriously. If you are not sure if you have the proper solutions in place to protect your clients’ personal information and meet compliance regulations, contact ACE IT Solutions at 646.558.5575 or email@example.com. We offer a comprehensive suite of customizable cybersecurity services to meet your organization’s specific risk profile and compliance needs.