With the SEC's new cybersecurity rule, Rule 206(4)-9 under the Investment Advisers Act, soon to take effect, SEC-registered investment advisers have a lot to consider when it comes to their cybersecurity programs.
The rule requires advisers to adopt and implement written cybersecurity policies and procedures reasonably designed to protect client information and firm systems from unauthorized access or use and from attack, and to review their effectiveness at least annually. A policy that exists only on paper does not satisfy that, so a firm needs to take a number of concrete, verifiable steps to reach and stay in compliance.
To help CCOs at SEC-registered firms comply with the rule, here are five key steps they (or their designated cybersecurity lead) should take:
1) Enforce strong passwords – Password policy should follow the guidance in NIST SP 800-63B rather than older complexity rules: require a minimum length (8 characters for user-chosen passwords, and accept at least 64), screen every new or changed password against lists of breached and commonly used passwords, block context-specific words such as the firm name or the username, and do not force periodic rotation, which only drives users to predictable variants; require a reset when a credential is known or suspected to be compromised. Because stored password hashes are salted and cannot be compared directly against a breach list, the screening has to run where the plaintext is available (on set, change or authentication), and it should be repeated whenever the breach list is updated so that newly exposed passwords are reset before attackers try them. ISO/IEC 27001 and 27002 set the governance expectation that a documented password policy exists and is enforced.
2) Require multi-factor authentication – Every user should be authenticated before being granted access to sensitive data, and MFA is the baseline, not a bonus: enforce it on email, VPN and remote access, cloud consoles and all administrative accounts. Prefer phishing-resistant methods (FIDO2/WebAuthn security keys or platform passkeys) over SMS and push-notification codes, which attackers defeat with real-time phishing proxies and push-fatigue prompts, and make sure the MFA enrollment and reset paths at the help desk are protected at least as well as the login itself.
3) Patch and update regularly – Outdated software is one of the most common entry points. Keep an inventory of every system and application (including vendor-hosted and third-party components), apply security patches on a defined schedule, and prioritize by exposure and known exploitation: internet-facing systems and anything listed in CISA's Known Exploited Vulnerabilities catalog come first. Track exceptions for systems that cannot be patched promptly and apply compensating controls such as network isolation until they can.
4) Monitor for suspicious activity – Centralize authentication and access logs from the identity provider, VPN, email and core applications, and alert on patterns rather than relying on someone noticing: successful logins from IP addresses or countries a user has never used, bursts of failed logins followed by a success, logins at unusual hours, new MFA devices being enrolled, and unusual volumes of data being downloaded. Every alert should be triaged promptly against the firm's incident response plan, and logs should be retained long enough to reconstruct an incident and to support any required incident reporting.
5) Run vulnerability scans and penetration tests – These are complementary, not interchangeable. Automated vulnerability scans should run frequently (at least monthly, and after significant changes) across internal and external assets to catch missing patches and misconfigurations. Penetration tests, in which a skilled tester attempts to exploit findings the way an attacker would, should be performed at least annually and after major architectural changes. In both cases the value is in remediation: every finding should get an owner, a severity and a due date, and should be retested once fixed.
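As an added worked example (not from the original article), here is the password check that step 1 describes, written the way NIST SP 800-63B frames it: length bounds, a breached-password blocklist and context-specific words, with no composition rules. The blocklist is a small constructed stand-in for a real breach corpus, and the function and variable names are this example's own:

```python
import hashlib
import unicodedata

# NIST SP 800-63B bounds for user-chosen memorized secrets: at least 8
# characters, and the verifier must accept at least 64.
MIN_LENGTH = 8
MAX_LENGTH = 64


def normalize(password: str) -> str:
    """Apply Unicode NFKC normalization (as 800-63B recommends) so that
    visually identical strings compare and hash the same way. Spaces and
    all printable characters are allowed; nothing is trimmed."""
    return unicodedata.normalize("NFKC", password)


# Constructed stand-in for a breached/common password corpus. In production
# this would be loaded from a large list such as the Have I Been Pwned
# "Pwned Passwords" SHA-1 set; only the digests are kept in memory.
_CONSTRUCTED_BLOCKLIST = [
    "password", "Password1", "P@ssw0rd", "Welcome1!", "Summer2023!",
    "qwerty123", "letmein", "123456789", "Tr0ub4dor&3",
]
BLOCKLIST_SHA1 = {
    hashlib.sha1(normalize(p).encode("utf-8")).hexdigest()
    for p in _CONSTRUCTED_BLOCKLIST
}


def check_password(password: str, context_words=(), blocklist_sha1=BLOCKLIST_SHA1) -> list:
    """Return the reasons a candidate password is rejected (empty list = accepted).

    Deliberately no composition rules (upper/lower/digit/symbol): 800-63B
    advises against them because they push users toward predictable
    patterns like 'P@ssw0rd' that are in every breach list anyway.
    """
    pw = normalize(password)
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    digest = hashlib.sha1(pw.encode("utf-8")).hexdigest()
    if digest in blocklist_sha1:
        reasons.append("appears in breached/common password list")
    lowered = pw.lower()
    for word in context_words:  # username, firm name, product names, etc.
        if word and word.lower() in lowered:
            reasons.append(f"contains context-specific word '{word}'")
    return reasons


if __name__ == "__main__":
    for candidate in ["Tr0ub4dor&3", "correct horse battery staple", "Acme2024!x"]:
        print(candidate, "->", check_password(candidate, context_words=["Acme", "jdoe"]) or "accepted")
```

Note that "Tr0ub4dor&3" would sail through a classic complexity rule and is rejected here only because it is on the blocklist, while a long passphrase with no digits or symbols is accepted. The check has to run at the point where the plaintext is available (password set, change or login), and when the breach list is refreshed the same screening, re-run at the next login, is what turns step 1's "regular checks" into an enforced reset.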
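As a second added example (again not from the original article), this is the kind of detection logic step 4 calls for, run over a constructed sample of authentication events. The JSON field names, the baseline of known IPs and the thresholds are all assumptions to be adapted to the firm's own identity provider or SIEM:

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication events as JSON lines, in time order.
# The field names are an assumption; map your IdP, VPN or SIEM schema onto them.
SAMPLE_LOG = """\
{"ts": "2024-03-04T08:01:10Z", "user": "alice", "ip": "203.0.113.10", "result": "success"}
{"ts": "2024-03-04T08:03:42Z", "user": "bob", "ip": "203.0.113.11", "result": "success"}
{"ts": "2024-03-04T08:05:00Z", "user": "alice", "ip": "198.51.100.7", "result": "failure"}
{"ts": "2024-03-04T08:05:03Z", "user": "alice", "ip": "198.51.100.7", "result": "failure"}
{"ts": "2024-03-04T08:05:07Z", "user": "alice", "ip": "198.51.100.7", "result": "failure"}
{"ts": "2024-03-04T08:05:11Z", "user": "alice", "ip": "198.51.100.7", "result": "failure"}
{"ts": "2024-03-04T08:05:14Z", "user": "alice", "ip": "198.51.100.7", "result": "failure"}
{"ts": "2024-03-04T08:05:20Z", "user": "alice", "ip": "198.51.100.7", "result": "success"}
{"ts": "2024-03-04T09:30:00Z", "user": "bob", "ip": "203.0.113.11", "result": "success"}
{"ts": "2024-03-04T10:00:00Z", "user": "bob", "ip": "192.0.2.55", "result": "success"}
"""

# Baseline of source IPs each user has legitimately used before (constructed).
# In practice this is learned from the previous 30 to 90 days of successful logins.
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.11"}}

FAIL_THRESHOLD = 5                 # failures per user inside the window
FAIL_WINDOW = timedelta(minutes=5)


def parse_event(line: str) -> dict:
    """Parse one JSON log line and convert the timestamp to a datetime."""
    event = json.loads(line)
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text: str, known_ips: dict, threshold=FAIL_THRESHOLD, window=FAIL_WINDOW) -> list:
    """Run three detections over a stream of auth events and return alerts as
    (timestamp, user, rule, source_ip) tuples:
      failed_login_burst         - `threshold` failures for one user within `window`
      success_after_failed_burst - a success right after such a burst (credential
                                   guessing that worked, or MFA push fatigue)
      new_source_ip              - a success from an IP the user has never used
    """
    known = {user: set(ips) for user, ips in known_ips.items()}
    recent_failures = defaultdict(deque)   # per-user failure timestamps still in the window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        user, ip, ts = ev["user"], ev["ip"], ev["ts"]
        failures = recent_failures[user]
        while failures and ts - failures[0] > window:   # slide the window forward
            failures.popleft()
        if ev["result"] == "failure":
            failures.append(ts)
            if len(failures) == threshold:              # alert once per burst
                alerts.append((ts, user, "failed_login_burst", ip))
            continue
        # successful login
        if len(failures) >= threshold:
            alerts.append((ts, user, "success_after_failed_burst", ip))
            # the session is suspect, so this IP is NOT added to the baseline
        elif ip not in known.setdefault(user, set()):
            alerts.append((ts, user, "new_source_ip", ip))
            # added here so repeat logins from the same IP do not re-alert;
            # in production promote an IP to the baseline only after triage
            known[user].add(ip)
        failures.clear()
    return alerts


if __name__ == "__main__":
    for ts, user, rule, ip in detect(SAMPLE_LOG, KNOWN_IPS):
        print(f"{ts:%Y-%m-%d %H:%M:%S} {rule:<27} user={user} ip={ip}")
```

Run against the sample, the logic raises a failed-login burst for alice, then flags the success that follows it from the same unfamiliar address, and separately flags bob's first login from a new IP. A real deployment adds geolocation and ASN lookups on the source IP, correlates with MFA-enrollment events, and feeds each alert into a ticket so that the triage step 4 requires is recorded rather than left to memory.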
Following these practices gives an SEC-registered firm a defensible technical foundation for 206(4)-9 and the other regulations that apply to it, but compliance also depends on writing the controls down, documenting the risk assessment behind them and being able to show examiners that they operate as described. Doing so protects client data from cyber threats and, with it, the firm itself.