Staying Compliant with the SEC

Cyber security officials from the Securities and Exchange Commission (SEC) agree that data theft is not a question of if but, when. In response to these threats, the SEC has provided regulations, 450 auditors and 12 offices to ensure medical and financial industries are cyber compliant.

Cyber attacks are costly, and can ruin an otherwise healthy fiscal year. Businesses can’t financially plan on a particular figure for a network invasion until after data theft and network damages are repaired and recovered.

Network security is often a large and costly project when handled internally.   Protecting a network that contains financial or medical information is critical, as this is the data cyber criminals are after. With access to this personal information, criminals can portray themselves as someone else, opening and closing accounts without consent.

Businesses often wait to find holes in their network security, reacting to damage or theft only when the breech happens. We believe that network security starts and ends with preparation and procedure and strongly recommend using a Managed Security Service Provider (MSSP) to strengthen your cyber defense.  Continuous monitoring and threat detection is a must in your organization’s security plan.

Each year the SEC adds and adjusts regulation standards and best practices.  To be compliant with them, you have two (2) options:

• Option 1: Add high-level security administrators with round the clock IT staff to monitor the network and look for anomalies. These employees must comply with SEC regulations, create and follow best practices as well as train all employees with access to the network. This is an expensive and time consuming process. Will these employees also be able keep you up to date and in front of network threats?

• Option 2: Employ a Managed Security Service Provider (MSSP) to actively monitor your system. Not only do they provide a third-party review of your network, but they will also offer 24/7 monitoring. Because they specialize in cybersecurity threats, you are guaranteed to have the most up to date information available. Hiring an MSSP will not only save your business money and training, it also ensures that your staff is able to focus and be more productive.

Network structures need to be reviewed and updated regularly. Growth can happen quickly and it’s easy to overlook amending networks and changes to new regulations. Take time to discuss and train all employees with access to your network. Employees should know when they are connected and when to close networks no longer in use. Antivirus and Malware software are important, but the SEC requires more. These programs cannot identify many network faults that are often created from within the network itself.

By electing to outsource your cybersecurity and work with Vertek, we will drop into your environment with our life cycle approach.  We will begin with an asset discovery, setup routine vulnerability assessments.  We will work with an organizations IT team to get their environment to a steady state.  Once a steady state is reached, weekly reports will help determine any alarms or directives that need to be tuned.  Vertek will continue monitoring and add in new threat intel as new threats develop.  IDS (Intrusion Detection System) and file integrating monitoring follow in the monitoring phase of the Life Cycle.  In the final phase of the Life Cycle Approach, the Intelligence phase, each month is ended with a review with a Security Engineer.

By partnering with Vertek and integrating our Managed Threat Intelligence service offering into your network, continuous monitoring and threat detection will help your organization comply with SEC requirements and regulations.

Working with an MSSP will save your business money and employee’s hours. Want to learn more about Managed Threat Intelligence?  

Meet Regulatory Compliance for Finance and Investment Managers