Managed Service Providers Under Attack In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse. The IT Vendor was subsequently urged to pay ransom of [...]
Strong Passwords and SEC Enforcement Enforcements pertaining to passwords? There’s only been one cybersecurity enforcement and it pertained to a lack of policy and procedure, right? (We’re referring here to R.T. Jones) Wrong. In 2008 LPL Financial Corporation was enforced for willfully violating Rule 30(a), “The Safeguards Rule,” by having insufficient security [...]
At the 2015 RSA conference, Commissioner Aguilar’s Chief of Staff, Smeta Ramarathnam, participated in a panel titled “Full Disclosure: What Companies Should Tell Investors About Cyber Incidents.” While Aguilar’s emissary reminded us of the importance of general cybersecurity risk disclosure, her message focused upon the disclosure of breach events, stating that the [...]
In a prepared speech at the Georgia Law Review Annual Symposium, SEC Commissioner Luis A. Aguilar covered a broad range of topics under the heading of “Preparing for Regulatory Challenges of the 21st Century.” Main points covered the ever-evolving markets and the need for high-quality information. In his closing statement, the Commissioner [...]