On February 3, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert that contains observations based on examinations of more than 100 broker-dealers and investment advisers. The examinations focused on how these firms:
- Identify cybersecurity risks
- Establish cybersecurity policies, procedures, and oversight processes
- Protect their networks and information
- Identify and address risks associated with remote access to client information, funds transfer requests, and third-party vendors
- Detect unauthorized activity
A second publication, an Investor Bulletin issued by the SEC’s Office of Investor Education and Advocacy (OIEA), provides core tips to help investors safeguard their online investment accounts, including:
- Pick a “strong” password
- Use two-step verification
- Exercise caution when using public networks and wireless connections