SEC Safeguards Rule Part 2: What IT Security Level Is Acceptable for Financial Firms?
The Securities and Exchange Commission’s Safeguards Rule calls for the financial services industry to carefully protect your customers’ personal information. This is done through IT policy, practice and proactive monitoring of your safeguard systems.
To ensure compliance with the SEC’s mandate, financial services businesses must go beyond adopting policies and procedures to secure customer records and protect it from any anticipated threats or hazards. An effective backup and disaster recovery plan along with up-to-date IT security practices are essential to meeting this requirement.
Implement a workable, reliable disaster recovery strategy
Unfortunately, many businesses don’t think about backups and disaster recovery until it’s too late. Fortunately for the financial services industry, the SEC insists that you do.
From natural disasters and cyber-attacks to employee mishaps, your IT environment is vulnerable. A disaster recovery plan should include local and offsite (cloud-based or data center) backups with a method in place to roll over backups and restore data in a timely manner if (when) your system is damaged. If a server malfunctions for any reason, the backup rolls over to another server to provide a complete fail-safe.
A BDCR plan is not a “set it and forget it” option as evidenced by Morgan Stanley’s SEC case where they were fined for not making sure the written policies they had implemented were tested and monitored. The creation and execution of test plans along with 24/7 monitoring of your recovery strategy ensure your business can survive a major event – whether it’s a ransomware attack, an electrical outage or an employee spilling their Coke onto their keyboard.
Keep your IT environment up-to-date
From firewalls and servers to software, the security of your data depends upon having updates, patches and real-time defenses against cyber-attacks – which are happening more and more frequently these days. If your software is out of date and is no longer supported by the developer, it becomes a portal for hackers and diminishes employee productivity. Older firewalls and antivirus softwares cannot stand up to today’s sophisticated cyber-attacks. Your technology needs to be proactively managed on an ongoing basis.
Train your employees
While outside forces like cyber attackers and hurricanes dominate the headlines, many security breaches come out of simple mistakes made by end users. According to the Data Breach Trends for the first six months of 2017, 16% percent of data breach incidents were the result of insider activity and 1.73 billion records were accidentally exposed by insiders. This doesn’t include the 2 billion records exposed by “unknown insiders.”
In addition to making sure employees are fully aware of data security policies surrounding access and permissions, they also need to know how to recognize suspicious emails and strange computer performance. Insisting upon strong password management and protecting data with security protocols is your first line of defense against data loss.
itSynergy collaborates with you to address risk and loss concerns. Our IT professional team works with your team to get all business and technology pieces in place to ensure you have a working, reliable, SEC compliant strategy – contact us at 602-297-2400 or online.
Legal disclaimer: This article is not legal advice. Be sure to check with your legal professional about any and all SEC laws that impact your business.