Would Your Cybersecurity Procedures Withstand an Examination

Nov. 06, 2017

The North American Securities Administrators Association (NASAA) recently released a report referencing nearly 700 cybersecurity-related deficiencies uncovered in examinations of state-registered investment advisers in 2017.  This report follows numerous announcements by NASAA presidents past and present indicating that cybersecurity continues to be a top priority for state securities regulators.  In short, the report is a very obvious sign that state regulators are very likely to ask investment advisers about cybersecurity next time they knock on your door, and they will expect some robust answers.

Below are specific cybersecurity deficiencies cited in the report, listed in descending order from most to least prevalent. How would your firm fare if asked about these issues during an exam?

Common Cybersecurity Deficiencies

  • No or inadequate cybersecurity insurance

  • No testing of cybersecurity vulnerability

  • Lack of procedures securing/limiting access to devices

  • No IT or technology specialist/consultant

  • Lack of procedures for how hardware/software is updated and upgraded

  • Weak or infrequently changed passwords

  • Lack of procedures on use of the Internet (public Wi-Fi, VPN, etc.)

  • No contract or written agreement with technology specialist/consultant

  • Lack of procedures addressing phishing and other unauthorized access attempts

  • Lack of procedures for establishing training on protection against breaches

  • No off-site storage of back-up data

  • Lack of procedures on oversight of third-party IT or data service providers

Along with its report, NASAA also issued a Cybersecurity Checklist for Investment

Advisers—a great tool for firms needing to self-assess weak points in their cybersecurity policies.  


Written By:
Brian Edstrom

Brian Edstrom is a Shareholder and Attorney at Avisen Legal, P.A.  He brings to Avisen seven years of experience working for federal and state regulators

E-mail Brian

Offices:
901 Marquette Ave S.
Suite 1675
Minneapolis, MN 55302

Call Us:

(612) 584-3400