SIFMA Issues Cybersecurity Guidance
The Securities Industry and Financial Markets Association (SIFMA) recently released its Small Firms Cybersecurity Guidance to help securities firms implement the basics of a good cybersecurity program. (Despite its name, SIFMA’s Small Firms Cybersecurity Guidance has tips that securities firms of all sizes could benefit from.) SIFMA’s Guidance includes eight basic cybersecurity “action items” that securities firms could consider implementing, many of which have been the subject of SEC and FINRA enforcement actions. For example, citing a study which found that “76% of network intrusions and the top five methods of hacking both utilized weak or stolen passwords,” SIFMA first recommends that securities firms take the almost too obvious (yet very important) step of requiring and enforcing “strict” and “robust” password security requirements. SIFMA also recommends, among other things, that firms control administrative access to the firms’ systems and data, and that firms focus on mobile device security. To learn more about SIFMA’s Cybersecurity Guidance, view this article.
