NEW CYBERSECURITY INITIATIVE

As advisors slowly expand their involvement in social media, their greater presence on the Web can lead to other risks of a more technological sort. We know, from following the Target credit card data breach of some 40 million customers, that hackers can be very quick. Following similar action by the Securities and Exchange Commission (SEC), FINRA announced in early 2014 that it would be conducting assessments of firms' approaches to managing cybersecurity threats.[1]

FINRA said it launched the initiative because firms rank cybersecurity among their top five risks. FINRA said it would begin by surveying 20 firms across different business models.

FINRA said it's “conducting this assessment in light of the critical role information technology (IT) plays in the securities industry, the increasing threat to firms' IT systems from a variety of sources, and the potential harm to investors, firms, and the financial system as a whole that these threats pose.” FINRA has four broad goals with the effort:

1. To understand better the types of threats that firms face.

2. To increase its understanding of firms' risk appetite, exposure, and major areas of vulnerabilities in their IT systems.

3. To better understand firms' approaches to managing these threats, including through risk-assessment processes, IT protocols, application management practices, and supervision.

4. As appropriate, to share observations and findings with firms.

The assessment addresses a number of areas related to cybersecurity, including firms':

■ Approaches to information technology risk assessment.

■ Business continuity plans in case of an online attack.

■ Organizational structures and reporting lines.

■ Processes for sharing and obtaining information about cybersecurity threats.

■ Understanding of concerns and threats faced by the industry.

■ Assessment of the impact of attacks on the firm over the preceding 12 months.

■ Approaches to handling distributed denial of service attacks.

■ Training programs.

■ Insurance coverage for cybersecurity-related events.

■ Contractual arrangements with third-party service providers.

In many ways, FINRA appears to be moving more quickly to address emerging issues from technology and social media than in years past. The good news is that they are recognizing that social media is a communications medium that is here to stay.

  • [1] “Re: Cybersecurity,” FINRA Targeted Examination Letters, January 2014, finra.org/Industry/Regulation/Guidance/TargetedExaminationLetters/P443219. Accessed June 8, 2014.
 