SEC Cybersecurity
Guidance for
Registered Investment
Advisors

What is the cybersecurity guidance?

SEC Cybersecurity Guidance Main DocumentThe main document that outlines the SEC cybersecurity guidance (and the expectations from the OCIE) is the “OCIE’s 2015 Cybersecurity Examination Initiative.

This five-page document spells out 34 specific cybersecurity measures that each firm needs to address.

Additionally, the SEC has published a number of other pieces of cybersecurity-related guidance that you should consider, including:

Finally, there are also published guidelines around topics very closely related to cybersecurity, such as:

As with all regulatory matters, if you’re not sure which cybersecurity regulations apply to your RIA firm, consult with a qualified compliance attorney or compliance consultant.

Staying up to date on the latest SEC Cybersecurity Guidance

The best resources we’ve found to stay up to date on the latest cybersecurity guidance are:

1) Subscribe to the OCIE Announcements.

Head over to the Announcements page and enter your email address to get email notifications when a new piece of guidance is published.

OCIE Email Alerts for Announcements

2) Subscribe to updates from Lexology. 

The Lexology website hosts fantastic articles written by attorneys on a wide variety of topics.  Register for a free account, and they can send you daily or weekly email alerts.

We’ve found it’s best to sign up to get updates for the “IT & Data Protection” work area.

You’ll find the articles are helpful not only to read interpretation of the SEC’s guidance, but also to keep updated about other cybersecurity and privacy-related regulations that might impact your business.

Need help with your firm’s cybersecurity?

Learn more about our SEC Cybersecurity Service or call us at 888-646-1616.

Making sense of the Cybersecurity Guidance

Much of the decision-making process is left up to each individual registered investment advisor to decide what and how to address the guidance in their firm.

The devil is truly in the details — the guidance tells you WHAT to address, but not HOW to address it.

As part of our cybersecurity service for registered investment advisors, we’ve had an opportunity to see first-hand the areas where RIA’s tend to struggle.

As a result, we’ve published a number of topical guides that dive into the guidance and explore your options and make recommendations.

You can read these detailed guides here:

fight banking trojans

The Best Ways to Fight Banking Trojans

Banking Trojans are back, and they’re nasty. Click on the wrong email, and hackers drain your firm’s operating accounts. Incredibly, many of these attacks even defeat your bank’s two-factor authentication. Here’s a great article that explains how banking trojans bypass two-factor authentication. So what should every business do to protect yourself against banking trojans? The

Read More »
sec cybersecurity guidance wire fraud typosquatting anomali

SEC Cybersecurity Guidance: Wire Fraud

Wire fraud is a huge problem for Registered Investment Advisors. Every day, criminals trick firms like yours into wiring funds out of client OR firm accounts. What is the SEC Cybersecurity Guidance on wire fraud? And what are the best practices to stop wire fraud in firms today? It’s critical that your staff identify these

Read More »
SEC Cybersecurity Guidance Beware Phishing Emails

SEC Cybersecurity Guidance: Phishing

As our work moves online and becomes more digital, our risks are changing. In recognition of this fact, registered investment advisors must take cybersecurity seriously. The SEC cybersecurity guidance lays out clear directions for taking cybersecurity risks seriously. And one of the biggest threats to your firm today is phishing. The SEC Cybersecurity Guidance seems

Read More »
SEC Cybersecurity Guidance

SEC Cybersecurity Guidance: Emails and Texting

In our line of work, we hear a lot of myths and rumors. For example, some people say that Office365 isn’t SEC compliant because it’s in the cloud. We have also heard some people saying the same about Google’s G Suite.  But what does the SEC Cybersecurity Guidance say? While the SEC Cybersecurity Guidance does

Read More »
SEC Cybersecurity Guidance Data Loss Prevention Data Letters

SEC Cybersecurity Guidance: Data Loss Prevention

As businesses are digitally transformed, our exposure to risk is changing. In the financial industry, the stakes are much higher. The SEC Cybersecurity Guidance helps registered investment advisors respond to these threats. It also makes sure that they have a plan in place to respond to them. For example, one such threat is the loss

Read More »
SEC Cybersecurity Guidance: Incident Response 18 minutes Hacker

SEC Cybersecurity Guidance: Incident Response

When firms think about cybersecurity, they’re tempted to focus on the tech.  Hopefully, you’re already having internal conversations about which tools you need to fight phishing or to keep your mobile devices safe. One area where we’ve seen a lot of firms struggle, though, is in figuring out what to do when something BAD happens.

Read More »
SEC Cybersecurity Guidance: Mobile Device Management

SEC Cybersecurity Guidance: Mobile Device Management

Protecting Your Business’ Most Sensitive Mobile Data Gone are the days of the rotary phone.  Data is immensely portable.  As we — individuals, consumers, corporate employees, investment advisors and financial investors — continue to rely on our mobile devices for everything, the level and amount of sensitive data that is stored on our mobile devices

Read More »
SEC Cybersecurity Guidance Client Cybersecurity Phone and Computer

SEC Cybersecurity Guidance: Client Cybersecurity

Cybercriminals are quite nimble in outsmarting protection measures. This makes it essential to be proactive and stay one step ahead of bad actors. The SEC Cybersecurity Guidance provides a lot of information about security and compliance. But it doesn’t specify what steps firms should take to teach their clients how to be safe online from cyber threats.

Read More »
Sec Cybersecurity Guidance Business Continuity planning

SEC Cybersecurity Guidance: Business Continuity Planning (Pt. 2)

Welcome back to SEC Cybersecurity Guidance: Business Continuity Planning.  The first steps (found here in Part 1) are: List your Specific Needs, and Discuss and Document… and here, in Part 2, we talk, and plan, and test. Disclaimer: we are STILL not lawyers.  We are cybersecurity practitioners who work with a lot of registered investment

Read More »
SEC cybersecurity guidance business continuity planning

SEC Cybersecurity Guidance: Business Continuity Planning (Pt.1)

If you’ve come to this site, you’re probably doing some research about SEC Cybersecurity Guidance. As part of the OCIE Cybersecurity Initiative, #6 in the SEC cybersecurity guidance clearly states that business continuity planning is a priority. Here’s what the SEC Cybersecurity Guidance says: “Please provide a copy of the Firm’s written business continuity of

Read More »
Cyber_Liability_Insurance_Sm

Do You Need Cybersecurity Insurance?

It’s a good idea… We have a lot of conversations with our clients about cybersecurity insurance.  Adelia Risk doesn’t sell cybersecurity insurance. Instead, we provide a holistic cybersecurity service to small, high value, heavily regulated firms. As part of providing our service, cybersecurity insurance is a common topic. The single biggest misconception that we see?

Read More »
Physical Security Checklist

Physical Security Checklist

Use this checklist to evaluate your physical security risk, and what you can do to prevent break-ins, harm to employees, legal liability, and security breaches.

Read More »