The SEC has made it clear that cybersecurity should be a high priority for Registered Investment Advisers (RIAs). On February 3, 2015, the SEC released a publication that addresses cybersecurity at RIAs and brokerage firms.

The Risk Alert from the SEC’s Office of Compliance Inspections and Examinations (OCIE) provides observations derived from examinations of more than one hundred broker-dealers and RIAs. The examinations focused on how these firms:

  • Identify cybersecurity risks;
  • Establish cybersecurity policies, procedures, and oversight processes;
  • Protect their networks and information;
  • Identify and address risks associated with remote access to client information, funds transfer requests, and third-party vendors; and
  • Detect unauthorized activity.

The SEC believes that industry participants will benefit from this guidance, which can be found at: SEC Cybersecurity Sweep Summary. Firms should consider assessing their supervisory, compliance, and other risk management systems related to cybersecurity risks. They should make appropriate changes to address or strengthen those systems.

The SEC also published guidance for consumers to help them guard against cyber threats entitled Investor Bulletin: Protecting Your Online Brokerage Accounts from Fraud. The guide from the SEC’s Office of Investor Education and Advocacy (OIEA) offers suggestions on how investors can protect their online investment accounts.

The publication offers many tips to help consumers protect their online accounts such as selecting a “strong” password. The strongest passwords consist of a combination of numbers, upper and lower case letters, punctuation, and special characters. Consumers should refrain from using the same password for all of their online accounts.

Consumers should also exercise caution when using public networks and wireless connections. Wireless networks usually do not offer as much security as wired Internet connections. Many hotspots in hotel lobbies and airports pose an increased risk when consumers access their online brokerage accounts.
The publication for investors can be found here.