Tuesday, February 10, 2015

Colorado Division of Securities reminds investors to discuss cybersecurity with their financial professionals

Cybersecurity is quickly becoming one of the largest risks to your firm. Here's a communication that Colorado is sending to the general public. This really applies to all advisors across all states.


DENVER — With an ever-growing list of financial institutions targeted by organized cyber-attacks, the Colorado Division of Securities, part of the Department of Regulatory Agencies (DORA), today issued an advisory reminding investors of the importance of understanding how their personal information is being protected by financial firms.

“The increasing reliance on technology in our daily lives leaves our sensitive financial information more vulnerable to unwanted viewing or theft without proper safeguards in place,” said Colorado Securities Commissioner Gerald Rome.

In September 2014, the North American Securities Administrators Association (NASAA), of which the Division of Securities is a member, reported that 62 percent of state registered investment adviser firms participating in a pilot survey had undergone a cybersecurity risk assessment; 77 percent had established policies and procedures related to technology or cybersecurity.

“Investors should think about the safety of their financial information, and talk with their investment professionals about what steps firms are taking to safeguard client information,” Rome cautioned.

To help investors with that discussion, the Division suggests asking the following questions:

- Has the firm addressed which cybersecurity threats and vulnerabilities may impact its business?
- Does the firm have written policies, procedures, or training programs in place regarding safeguarding client information?
- Does the firm maintain insurance coverage for cybersecurity?
- Has the firm engaged an outside consultant to provide cybersecurity services?
- Does the firm have confidentiality agreements with any third-party service providers with access to the firm’s information technology systems?
- Has the firm ever experienced a cybersecurity incident where, directly or indirectly, theft, loss, unauthorized exposure, use of, or access to customer information occurred? If so, has the firm taken steps to close any gaps in its cybersecurity infrastructure?
- Does the firm use safeguards such as strong passwords that are changed often, encryption, antivirus and anti-malware programs?
- Does the firm contact clients via email or other electronic messaging, and if so, does the firm use secure email and/or any procedures to authenticate client instructions received via email or electronic messaging, to work against the possibility of a client being impersonated?
- If the firm accesses client information or email using a smart phone or tablet when out of the office, what safeguards are in place to ensure a secure connection to the internet?

“As a customer, you have the right to ask these questions and get answers you can understand in writing,” Rome said. “This is all part of the process of doing your due diligence and becoming an informed investor.”

###

The Department of Regulatory Agencies (DORA) is dedicated to preserving the integrity of the marketplace and is committed to promoting a fair and competitive business environment in Colorado. Consumer protection is our mission. Visit www.dora.colorado.gov for more information or call 303-894-7855/toll free 1-800-886-7675.

MEDIA CONTACT:
Jillian Sarmo
P 303-894-2878
jillian.sarmo@state.co.us
www.dora.colorado.gov/dos

