SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?

Insights
September 15, 2021

In late August of 2021, the SEC sanctioned eight financial services firms in three separate actions for security compliance failures. The SEC contends that the firms failed to establish and implement adequate cybersecurity policies and procedures. The SEC charged Cetera Entities, Cambridge, and KMS with violating Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which protects confidential customer information. According to the SEC, the failures “resulted in email account takeovers exposing the personal information of thousands of customers and clients.” The firms settled and agreed to pay $750,000 in fines.

The SEC’s enforcement actions against these companies should be a reminder of how crucial it is to have an effective cybersecurity program in place at your financial services firm. Security processes designed to prevent unauthorized access, malware, phishing, viruses, ransomware, and other malicious threats will protect your firm both from criminals and from fines, penalties, and lawsuits.

What’s at Stake?

Cybersecurity incidents involving breaches of personally identifiable information—like social security numbers, credit card details, and bank accounts—can cause significant damage to a firm’s business reputation. Furthermore, your firm may face fines, lawsuits, regulatory investigations, and even legal liability. In addition, remediation costs, including lost revenues, damages, penalties, and settlements, are also likely. A typical data breach costs companies $4.24 million per incident, according to a July 2021 report from IBM.

The SEC Means Business

It seems that the current landscape of ransomware and other cyber threats has spurred the SEC to take a more aggressive stance against security compliance deficiencies. As a result, this summer has seen additional enforcement actions from the body. In June, the SEC charged First American Financial Corporation and later Pearson for similar exposures of sensitive customer data. This indicates that the SEC is moving to heighten its enforcement of cybersecurity rules and disclosure procedures amongst public companies. The recent sanctions have focused on these key areas:

    • Failure to implement and adopt widely accepted cybersecurity best practices
    • Insufficient timely disclosures of lapses when they were identified
    • Inadequate and misleading language in breach notifications to clients and regulators about incidents

“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit, about the August announcement. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”




Safeguard Your Financial Services Firm from Security Compliance Errors

This increased enforcement should serve as a wake-up call to financial institutions: Senior executives must better safeguard the personal information entrusted to them by consumers.

Accordingly, Coretelligent recommends that all financial advisors, brokers, and investment firms review their current cybersecurity vulnerability and compliance programs and consider implementing additional defenses to protect client information.

So, let’s start with some basics. What do the SEC security requirements include? Here are just some of the key elements that financial services firms can apply to strengthen their cybersecurity safeguards.

    1. Implementing and maintaining comprehensive written policies regarding cybersecurity
    2. Establishing and regularly testing computer network defenses
    3. Developing and executing a risk assessment plan
    4. Training employees about cybersecurity risks
    5. Ensuring that usernames and passwords used by employees comply with industry standards
    6. Implementing multi-factor authentication
    7. Monitoring network traffic for suspicious activity
    8. Notifying regulators promptly after discovering a breach

At Coretelligent, our security and compliance solutions are designed with the needs of financial services organizations in mind. When you work with Coretelligent, you are gaining an IT partner who truly understands the security compliance needs of the financial services sector. Free your team to innovate at scale while we provide your financial services company with the solutions to protect against cyberattacks and fines from data breaches. Contact us today at 855-841-5888 or fill out our online form to receive a quick return call.

 

by Jen Wallace
Tags: compliance, cyber attacks, cybersecurity, financial services