Business Continuity Planning/Cybersecurity

You better know what ‘quishing’ is

FINRA suggests broker-dealers need to make sure their IT personnel are aware of the quishing attack vector

Six ransomware lessons from cybersecurity case

A new SEC enforcement case contains lessons on what not to do if your firm suffers a ransomware attack

SEC Commissioner Peirce, Uyeda take issue with cyber case against adviser

"Also concerning is the Commission’s decision to stretch the law to punish a company that was the victim of a cyberattack. While an enforcement action may be warranted in some circumstances, distorting a statutory provision to form the basis for such an action inappropriately amplifies a company’s harm from a cyberattack"

Firm fined $2.1M for cybersecurity shortfalls, cyber lessons

The "threat actor was able to utilize deceptive hacking techniques to install encryption software on certain" of the adviser's "computers (mostly virtual machines) and exfiltrated 70 Gigabytes of data, including data belonging to 29" clients, some of which contained personal identification and financial information

About this page

The SEC is on the record: a firm’s compliance P&Ps should cover business continuity plans. How you address the critical issue of your firm’s BCP, however, is for the most part up to you. Your cybersecurity approach also dovetails with your BCP. In this collection you can find our continuously updated BCP/Cyber news, analysis, “best practices” tips, compliance P&Ps, templates, matrices and more.

SEC’s proposed cybersecurity rule for IAs




Copyright PEI Media
