Industry Update and SEC Cybersecurity Guidance
Security is a top priority of for the SEC, with its Office of Compliance Inspections and Examinations (OCIE) recently announcing that they will focus on firms exhibiting relaxed data security controls in 2016. In September, the OCIE issued a second security alert expressing that they would be focusing on governance, risk assessment, technical controls, incident response, vendor management, confidentiality, data loss prevention and training.
Additionally, in 2015, the SEC released the results from a cybersecurity survey of 57 registered broker-dealers and 49 investment advisers, which sought to gauge whether firms were prepared against cyber criminals and the resulting risks. The survey found that 88% of broker dealers and 74% of investment advisers had experienced a data breach, either directly or indirectly through a vendor.
As a result, many firms are concerned about securing their confidential information, such as quarterly letters and client records, and ensuring that their files stay secure, regardless of their location.
Challenges: Firms Demanding Data Mobility
In light of these challenges, financial firms are concerned about protecting their data and the personally identifiable information (PII) of their clients. And at the same time that the SEC has demanded more stringent compliance, the demand for data mobility is growing faster than ever. In today’s mobile world, financial firm employees need to be able to transport files outside of the corporate network in order to travel and work efficiently. While the SEC has not yet defined any fixed penalties for not adhering to the guidelines, the true risk of experiencing a data breach is reputational damage. As a result, firms need to be able to ensure flexibility and efficiency for their employees, while still being able to ensure that their data remains protected, regardless of its location.
Solving the Challenge of Restless Data
Traditional encryption solutions offer limited capabilities and are cumbersome, as they focus on protecting the perimeters rather than the data itself. In order to apply heightened levels of security, more permissions must be applied. However, if a file somehow manages to leave the corporate network, it’s no longer protected.
As a result, a new approach to data security is needed- one that allows firms to gain control over the data, even after leaving the corporate network. Vera goes beyond the capabilities of traditional encryption to secure files of any type, on any device. With Vera, security policies travel with data files anywhere they are sent or stored, in additional allowing administrators granular levels of visibility and control.
Watch a recording of the webinar here.
For a complete demo of how Vera works get in touch today!