The U.S. Securities and Exchange Commission (SEC) has announced that it plans to examine the policies and procedures asset managers have in place to prevent and detect cyber attacks. The SEC’s focus on asset managers’ cyber security policies comes in the wake of attacks on several well-known retailers, including Target Corp and Neiman Marcus.
In this Reuters article, the SEC’s national associate director Jane Jarcho said, “We will be looking to see what policies are in place to prevent, detect and respond to cyber attacks.” This includes policies on IT training, vendor access and vendor due diligence.
The SEC’s upcoming 2014 review of cyber security policies will be conducted as part of the agency’s routine examinations of investment companies. The purpose of the exams is to be proactive in preventing cyber attacks; however, according to Reuters, exams can also lead to enforcement action if the SEC uncovers egregious activity or repeat violations.
Here is what hedge fund and asset managers can do to prepare for the exams:
Stay up to date on Security Best Practices
ACE IT Solutions is offering a webinar in partnership with IBM and The Financial Executives Alliance (FEA), “Security Management & Best Practices for Financial Services,” where we will discuss the current cyber threat landscape and what your organization can do to defend your network while remaining compliant. Topics include:
- Understanding the cyber threat landscape
- How to mitigate cyber security risks
- Threat assessments and penetration testing
- Surviving the “security skills” crisis
- Best practices for securing your technology infrastructure
- Best practices for meeting compliance regulations and avoiding policy violations
Understand your Security Posture
Penetration testing and security audits will help you understand the vulnerabilities in your system and improve your network security operations. Penetration testing will also validate existing controls and quantify real-world risk.
Establish a Security Policy
Develop an information security policy that details the authentication protocols, access restrictions and password requirements. Train your employees on the policy and make sure they completely understand it.
According to IBM’s Security Threat Report, 80-90 percent of security incidents can be easily avoided. ACE IT Solutions’ Managed Security Services, offered in partnership with IBM, provide a simple and cost-effective way to limit potential threats 24×7. Through our partnership with IBM, ACE IT Solutions leverages one of the world’s largest collections of security information to combine advanced analytic capabilities into cloud-based security services that can be mixed and matched according to specific needs.
Perform Due Diligence
As part of the exams, the SEC will be looking at vendor relationships. Perform due diligence on service providers to ensure they are not exposing you to unexpected risks.
As organizations face tighter requirements around privacy and compliance, they also face a mounting challenge in countering advanced security threats. The accuracy of identifying threats becomes essential as security teams migrate from legacy approaches to a security intelligence model. To address these cyber security challenges, businesses must fundamentally change how they think about security. Contact ACE IT Solutions at 646-558-5575 for a security consultation or for more questions on meeting SEC compliance requirements.