If you suffer a cyber security breach at your company and don’t report it, then you could face some serious consequences.
A new report has suggested that regulators are looking to clampdown on advisors that are not reporting internet security breaches with suggestions that many firms are actually going out of their way to avoid making reports.
According to Brian Edelman, who is the chief executive for cyber security at Financial Computer Services, many advisors were able to “get away with it” in the past: however, regulators are making security a top priority and so this is about to change.
At the moment, in the US, firms are not required to report breaches to Finra or the SEC, although they must meet state regulations. However, now regulators are going to press forward with their scrutiny: recently, RT Jones paid $75,000 for not having a cyber security policy in place as a breach put the data of 100,000 customers at risk.
According to the report, many advice firms are lagging behind when it comes to internet security. A host of incidents are occurring as a result of inadequate encryption, hacked emails and weak passwords. Indeed some firms are even failing to shred paper documents thoroughly.
To avoid the wrath of the regulators, it is recommended that advisors log every breach and contact third parties to determine the steps they need to take.