FINRA Provides Cybersecurity Checklist to Small Firms

Posted on June 14th, 2016 at 5:26 PM

From the Desk of Jim Eccleston at Eccleston Law LLC:

On May 23, 2016, FINRA introduced a Cybersecurity Checklist to “assist small firms in establishing a cybersecurity program to identify and assess cybersecurity threats, protect assets from cyber intrusions, detect when their systems and assets have been compromised, plan for the response when a compromise occurs and implement a plan to recover lost, stolen or unavailable assets.” This checklist is primarily derived from the National Institute of Standards and Technology (NIST) Cybersecurity Framework and FINRA’s Report on Cybersecurity Practices.

Cybersecurity should be taken seriously by financial organizations because it protects investors and firm information from compromise or the loss of data confidentiality, integrity or availability. The general checklist methodology includes questions such as:

1) Do you store, use or transmit personally identifiable information (PII) (e.g., social security numbers or date of birth) or firm sensitive information (e.g. financial records) electronically?

If your answer is yes to this question, then you must: identify and assess risks, protect information, protect encryption, protect controls, protect information, detect penetration, detect testing, detect intrusion and have a response plan in place.

2) Do you transmit PII or firm sensitive information to a third party, or otherwise allow access to your PII or firm sensitive information by a third party?

If you answer yes to question 2, you must identify and assess risks from third parties.

3) Do your employees (or independent contractors) maintain devices that access PII or firm sensitive information?

If you answer yes to question 3, you must protect employee devices.

4) Do you have assets that if lost or made inoperable would impact your firm’s operations (e.g. trading or order management systems)?

If you answer yes to question 4, you must protect system assets.

5) If your systems, PII or firm sensitive information were made inoperable or stolen, would you need to recover them to conduct business?

If you answer yes to question 5, you must have a system in place for recovery.

FINRA specifically points out that the “use of this checklist does not create a safe harbor with respect to FINRA rules, federal or state securities laws, or other applicable federal or state regulatory requirements.”

The attorneys of Eccleston Law LLC represent investors and advisers nationwide in securities and employment matters. Our attorneys draw on a combined experience of nearly 65 years in delivering the highest quality legal services. If you are in need of legal services, contact us to schedule a one-on-one consultation today.

Related Attorneys: James J. Eccleston
