With more businesses bracing for cyberattacks, the Securities and Exchange Commission (SEC) is advising financial services companies about how to protect themselves and the sensitive data they hold. The SEC has used its audit observations to provide detailed information aimed at helping the industry. This report came days after the National Security Agency (NSA) also released guidelines, highlighting how security and privacy issues are becoming a significant focus in the regulatory spectrum.
The SEC’s report is divided into subsections covering categories that have long been discussed in the broader cybersecurity market.
These categories include:
- Governance and Risk Management
- Access
- Data-loss Prevention
- Mobile Security
- Incident Response
- Vendor Management
- Employee Training
The entire report can be found here.
While an article from Program Business highlights why some of these guidelines may be difficult for smaller businesses to adhere to, this type of report is mostly positive. The observations the SEC has made are consistent with what the cybersecurity and insurance markets have been discussing. This breakdown allows organizations to digest and focus on the critical issues that affect their industry specifically.
While proper cyber hygiene is ultimately what all organizations should strive for, the information shared by the SEC provides useful guidelines and background on what regulators look for when conducting cyber audits. To find out more about protecting your business and to stay in the know on best cyber practices, talk to your trusted RCM&D advisor today.