The SEC has identified 28 specific cybersecurity risks and wants to know how advisory firms are managing these risks. Are firms inventorying all physical devices and software platforms? Are they mapping network resources? Are they cataloguing connections to the firms’ network from external sources?
Chris Stanley, general counsel and chief legal officer for portfolio management firm Loring Ward, said that ultimately, the SEC may hand down guidance and rule making, but for now, advisers can use the agency’s recent risk alert as an opportunity to step up their cybersecurity preparedness.
With that in mind, here are 10 tips for advisers who want to identify cyberthreats so they can shut them down.
Hackers seeking to gain entry into a computer system look for the weakest link. Poorly constructed passwords and unencrypted data, for example, give cybercriminals a point of entry. So do shared passwords and untended computers that don’t lock automatically after a set number of minutes.