SEC Alerts Advisers on WannaCry Ransomware Cyberattacks

Posted by Craig Pollack on May 17, 2017 8:31:00 AM

In the wake of the pervasive "WannaCry" ransomware cyberattack over the past few days, the Securities and Exchange Commission issued a cybersecurity alert on Wednesday to broker-dealers, advisers and investment funds with a number of recommendations.

The alert from the Office of Compliance Inspections and Examinations (OCIE) emphasized the importance of firms conducting vulnerability scans and penetration tests on their networks, and stressed the necessity of keeping their systems updated in a timely and consistent manner.

OCIE’s National Examination Program staff recently examined 75 SEC-registered broker-dealers, investment advisers, and investment funds to assess industry practices and legal, regulatory, and compliance issues associated with cybersecurity preparedness. They observed a wide range of information security practices, procedures, and controls. Some of their findings include:

  • Cyber-risk Assessment: 5% of broker-dealers and 26% of advisers and funds examined did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, vulnerabilities, and the potential business consequences.
  • Penetration Tests: 5% of broker-dealers and 57% of the investment management firms examined did not conduct penetration tests and vulnerability scans on systems that the firms considered to be critical.
  • System Maintenance: All broker-dealers and 96% of investment management firms examined have a process in place for ensuring regular system maintenance, including the installation of software patches to address security vulnerabilities. However, 10% of the broker-dealers and 4% of investment management firms examined had a significant number of critical and high-risk security patches that were missing important updates. 

Note: As far as System Maintenance goes, if you're an FPA Managed Service client and you're fully on our "FPA Stack", then you're well protected. 

What you should do...

  • document your approach (one of the best ways to do this is through FPA's Technology Security Assessment)
  • define and implement the appropriate security policies
  • implement an ongoing user training program!
  • ensure all endpoints are secure
  • control what programs are allowed to run on your firm's computers
  • consider implementing dual-factor authentication
  • implement a solid backup and disaster recovery solution

What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.
