Dawn M. Levant, Manager, Audit & Accounting
Cybersecurity is the practice of protecting networks, devices, and data from unauthorized access or criminal use. Today, everything relies on computers, no industry is immune, and the volume of data and availability of information puts firms and capital markets at risk each day.
Importance of Information Security
For the eighth year in a row, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced it would continue to prioritize information security in its 2020 examinations.
Observations and Best Practices
On January 27, 2020, OCIE released a 13-page report detailing observations relating to cybersecurity and best practices. The observations are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants, according to the report published on its website.
The observations highlight practices in the following areas:
- Governance and Risk Management
- Access Rights and Controls
- Data Loss prevention
- Mobile Security
- Incident Response and Resiliency
- Vendor Management
- Training and Awareness
OCIE recognized that “there is no such thing as a ‘one size fits all’ approach, and that all of the practices may not be appropriate for all organizations. It was providing these observations to assist market participants in their consideration of how to enhance cybersecurity preparedness and operational resiliency.”
As part of its operational due diligence program, Kreischer Miller reviews an investment manager’s cybersecurity program. We look at written policies and procedures, meet with technology teams, and obtain an understanding of how a manager identifies risks, addresses those risks, and enforces its policies and procedures, including the training of its employees.
Please contact us to learn more about Kreischer Miller’s operational due diligence services or to discuss your firm’s needs.
Dawn M. Levant can be reached at firstname.lastname@example.org or 215.441.4600.
You may also like: