On December 20, 2018, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) announced its examination priorities for 2019.
Here are a few steps your firm should take to ensure compliance:
- Access Controls – To prevent unauthorized access to network resources and devices, you must have security tools in place that restrict each user's access to what their job function requires (least privilege). You must also conduct periodic access reviews for employees and vendors, removing or adjusting accounts and permissions that are no longer needed.
- Data Loss Prevention (DLP) – DLP requires a multi-level strategy consisting of content monitoring, data encryption and policy enforcement. DLP is designed to protect the IT infrastructure, the networks, the devices, the data and the access paths to it; its ultimate goal is the secure, continuous flow of vital information.
- Vendor Management – Your firm should implement written policies and procedures designed to ensure the security of information systems and nonpublic information that are accessible to, or held by, vendors / third-party service providers. This includes asking the right questions of third-party suppliers/contractors and conducting due diligence.
- Incident Response – Your firm must have an incident response plan in place to address potential cybersecurity incidents. This includes timely detection of the incident, making the required disclosures to regulators and affected parties, and taking appropriate corrective actions.
- Security Awareness Training – Periodic cybersecurity awareness training and phishing testing are mandatory for all employees and contractors. Cybersecurity training should cover acceptable use of the firm's network and teach employees how to safely use their devices, work remotely, and identify and respond to basic indicators of compromise. Firms must maintain evidence of the training performed, the topics covered, and a list of the employees who participated.
- Governance / Policies and Procedures – Develop cybersecurity protocols with clear instructions on how they will be followed in different situations. ACE IT Solutions works closely with clients to outline, document and develop cybersecurity policies to ensure confidential data is protected and SEC requirements are met.
Failing to take these steps can weaken your entire network. ACE IT Solutions can guide you. We offer a comprehensive suite of customizable cybersecurity services to meet your organization’s specific risk profile and compliance needs.
ACE IT Solutions and our cybersecurity business partners are experts at assessing risk and helping firms prepare for SEC / OCIE exams. Contact us for a cybersecurity risk assessment at 646.558.5575.