Earlier this year, the SEC announced Rule 206(4)-9 as part of its sweeping overhaul of cybersecurity regulations. We are moving from a period in which the SEC provided cybersecurity “guidance” to a period of cybersecurity “regulation.”
One of these proposed rules will require firms to provide cybersecurity awareness training to their employees on an annual basis. Providing cybersecurity awareness training is the second most important cybersecurity tip we can offer. (Using 2FA on all accounts is the first.)
In order to understand why cybersecurity awareness training is so important, it’s first necessary to understand what cyberattacks are and how they work. A cyberattack is any type of attack that is carried out using electronic means. These attacks can take many different forms, but they all have one thing in common: they exploit vulnerabilities in order to gain access to sensitive information or systems.
The most common type of cyberattack is a phishing attack. Phishing attacks use emails or other communications that look legitimate in order to trick the recipient into giving up sensitive information, such as login credentials or financial information. Once the attacker has this information, they can use it to gain access to systems or steal money.
Another common type of attack is a malware attack. Malware is short for malicious software, and it refers to any software that is designed to harm a computer system. Malware can be used to disable systems, delete files, run up toll charges, or even steal information. One of the most famous examples of malware is the WannaCry ransomware attack, which infected millions of computers around the world and caused billions of dollars in damage.
These are just two examples of the many different types of cyberattacks that exist. It’s important for businesses to be aware of all the different types of attacks that exist so that they can be better prepared to defend against them. This is where cybersecurity awareness training comes in.
MTradecraft provides this training to our clients through our FieldCraft platform. FieldCraft provides employees with the knowledge they need to identify and defend against common cyberattacks and tests their skills with real world simulations.
When employees are trained in cybersecurity best practices, they are better equipped to spot attacks when they occur and to take steps to prevent them. Cybersecurity awareness training can also help businesses create a culture of security within their organization, which can further reduce the risk of an attack occurring in the first place.
The SEC’s proposal for mandatory cybersecurity awareness training is a step in the right direction toward protecting registered firms from cyber threats. By teaching employees about common attacks and how to defend against them, firms can significantly reduce their risk of being breached. In addition, creating a culture of security within an organization can help further reduce that risk. All SEC- and FINRA-registered firms should take this rule seriously and implement mandatory cybersecurity awareness training for their employees as soon as possible.