In case you hadn’t heard, the Securities and Exchange Commission recently fined eight financial firms a total of $750,000 over email hacks that exposed client data. The SEC found that the firms had inadequate cybersecurity protections, which led to the exposure of personally identifiable information of thousands of customers and clients after hackers took over employee email accounts.
Despite what their own cybersecurity policies mandated, these firms did not have multifactor authentication (MFA) in place. The SEC found these firms in violation of the “Safeguards Rule,” more formally known as Rule 30(a) of Regulation S-P, which is designed to protect confidential customer information.
Ouch. As we’ve said before, it is not enough to have a cybersecurity policy; the policy must be implemented, actively monitored, and enforced in order for it to be defensible (and for the firm to stay protected).
Ironically, we chose to address the importance of MFA in our August Tech Trends blog, “Ransomware Attacks Are Closer Than You Think.” Given recent headlines, we thought it was important to reiterate the best practices for staying secure:
We can’t overstate the importance of keeping your network secure. A hacked system – whether through compromised email or other means – can have severe and even devastating consequences, not only for the firms that are attacked, but for the individuals and families whose personal and financial information ends up in the hands of bad actors.
Our team of professionals has the right expertise to ensure your technology and cybersecurity complies with the strictest guidance and passes regulatory muster.
Active monitoring and implementation of cybersecurity protocols and procedures using leading-edge technology keep your business and your data safe and secure.