When cybersecurity is covered in the industry press these days, its importance is often discussed, but unfortunately there is little specificity about what steps an investment adviser can take to improve its information security and IT practices. Even the recent cybersecurity exam sweep results of the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (“SEC”) are somewhat difficult for investment advisers to interpret and translate into an information security plan. However, the SEC’s Office of Investor Education and Advocacy recently issued a bulletin giving investors tips on protecting their online accounts. To RIA Compliance, these recommendations for protecting an investor’s online account from fraud appear just as applicable to an investment adviser devising its cybersecurity policies and practices.
The SEC’s Investor Bulletin: Protecting Your Online Brokerage Accounts from Fraud offers the following cybersecurity tips:
- Pick a “strong” password, keep it secure, and change it regularly.
- Use two-step verification, if available.
- Use different passwords for different online accounts (i.e., brokerage, banking, retirement, or other similar financial accounts).
- Avoid using public computers to access your online brokerage account.
- Use caution with wireless connections.
- Be extra careful before clicking on links sent to you.
- Secure your mobile devices.
- Regularly check your account statements and trade confirmations.
If you’d like to learn about additional cybersecurity best practices for an investment adviser, please consider purchasing our recent webinars, Cybersecurity for Investment Advisers and Insight into SEC Exam Priorities for 2015.