CYBERSECURITY

General

FINRA Warns Firms of Regulator Impersonators

Recently, FINRA has received reports of member firms receiving telephone calls from persons who claim to work for FINRA and attempt to deceive firms into revealing confidential information. FINRA is notifying firms that these individuals may be impersonators. Firms that receive telephone calls or emails purportedly from someone at FINRA requesting any type of information—confidential or otherwise—should use caution and verify the identity of the caller or sender before providing any information or responding to an email.

FINRA Information Notice (July 13, 2018): FINRA Warns Firms of Regulator Impersonators

 

SEC Investor Bulletin

The SEC’s Office of Investor Education and Advocacy issued this Investor Bulletin to help investors protect their online investment accounts from fraud. As with all web-based accounts, investors should take precautions to help ensure that their online investment accounts remain secure. These online security tips can help.

SEC Investor Bulletin: Protecting Your Online Accounts from Fraud (April 26, 2017)

 

A Small Entity Compliance Guide: Final Model Privacy Form Under the Gramm-Leach-Bliley Act

The model privacy form is designed to make it easier for consumers to understand how financial institutions collect and share their personal financial information and to compare different institutions' information practices. For a guide to implementing these procedures, visit: https://www.sec.gov

 

FINRA Report on Cybersecurity Practices

Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks are increasing, and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority.

A variety of factors are driving firms’ exposure to cybersecurity threats. The interplay between advances in technology, changes in firms’ business models, and changes in how firms and their customers use technology creates vulnerabilities in firms’ information technology systems. For example, firms’ Web-based activities can create opportunities for attackers to disrupt or gain access to firm and customer information. Similarly, employees and customers are using mobile devices to access information at broker-dealers, which creates a variety of new avenues for attack.

The landscape of threat actors includes cybercriminals whose objective may be to steal money or information for commercial gain, nation states that may acquire information to advance national objectives, and hacktivists whose objectives may be to disrupt and embarrass an entity. Attackers, and the tools available to them, are increasingly sophisticated. Insiders, too, can pose significant threats.

In February 2015, FINRA issued a report intended to assist firms in making responding to cybersecurity threats a priority. The report is based on FINRA’s 2014 targeted examination of firms and other related initiatives.

• FINRA Report on Cybersecurity Practices (February 2015): This report presents an approach to cybersecurity grounded in risk management to address cybersecurity threats. It identifies principles and effective practices for firms to consider, while recognizing that there is no one-size-fits-all approach to cybersecurity.

Resources

FINRA Cybersecurity Topic Page

Given the evolving nature, increasing frequency, and sophistication of cybersecurity attacks – as well as the potential for harm to investors, firms, and the markets – cybersecurity practices are a key focus for FINRA. Visit the link below for more information on related rules, notices, guidance, news and investor education.

• FINRA Topic Page: Cybersecurity

 

Webinar: Cybersecurity Considerations for Small Firms

This free one-hour webinar tackles a top priority for small firms: building an effective cybersecurity program with limited resources. Panelists share best practices, with a focus on how small firms can apply the National Institute of Standards and Technology (NIST) framework. The webinar includes a discussion of the following topics:

  • Overview of NIST Framework
  • The role compliance should play in addressing cyber risks
  • Factors for developing a cybersecurity program
  • Focus of FINRA examinations
  • Considerations for recognizing a cyber-attack and developing a process for response

Note: Access to webinars is limited to FINRA member firms and CRCP graduates.