Failures in Cybersecurity Policies and Procedures Lead to SEC Actions
The SEC fines eight financial advisory firms $200k to $300k each for failures in their cybersecurity policies and procedures, leading to email account takeovers and exposing the personal identifying information of thousands of customers and clients at each firm.
The firms included Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC and Cetera Investment Advisers LLC (collectively, the Cetera Entities); Cambridge Investment Research Inc. and Cambridge Investment Research Advisors Inc. (collectively, Cambridge); and KMS Financial Services Inc. (KMS). All were Commission-registered as broker-dealers, investment advisory firms, or both.
The SEC's order finds that although Cambridge discovered the first email account takeover in January 2018, it failed to adopt and implement firm-wide enhanced security measures for cloud-based email accounts of its representatives until 2021, resulting in the exposure and potential exposure of additional customer and client records and information.
Ensure Compliance Peace of Mind
eDiscovery and visibility of data in the cloud is increasingly becoming a number one priority. The Veritas Digital Compliance portfolio has the tools organizations need to avoid these types of costly actions. From Merge1’s effective capture and archiving ability for the most popular data sources to Enterprise Vault.cloud’s Advanced eDiscovery and Advanced Supervision complete discovery and broad compliance management capabilities, we’ve got you covered.
Firms like those sanctioned above could benefit from Data Insight’s ability to make informed information protection and deletion choices and minimize potential security risks. Investigate user risk and identify malicious versus unusual behaviors by capturing file and user activity for billions of actions and use big data capabilities to create trend lines and identify strange outliers. Effective monitoring and user insights can allow for early action into compliance risks.
Securing your cybersecurity policies and procedures is essential to staying out of the SEC’s eye and steering clear of regulatory actions. Be proactive about your risk, and contact us today.
The Veritas Insights blog brings the latest news and views about how to gain visibility into your data, storage, and backup infrastructure to take control of data associated risks.