Cybersecurity

Subscribe to Cybersecurity via RSS

The dream of hack-proof communication just got a little closer to reality. On August 16, 2016, China launched the world’s first “quantum satellite,” a project the Chinese government hopes will enable it to build a communication system incapable of being hacked. Such a system, if perfected, would allow for encrypted communications between any two devices with absolute certainty that the encryption could not be broken, and with a built-in mechanism for alerting the sender/receiver if someone tried.

This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals.  At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and regulations that may apply to their apps.  The Mobile Health Apps Interactive Tool, which is the product of collaboration among the FTC, Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the Food and Drug Administration (FDA), seeks to unify guidance in a space governed by a complicated web of legal requirements.  It also signals the continued focus of regulators on the protection of consumer health information in this rapidly evolving space.

Results from the SEC’s First Round of Cybersecurity Examinations. On February 3, 2015, the OCIE published a risk alert summarizing its findings from its examinations of over 100 registered investment advisers and broker-dealers. The examinations were conducted as part of the OCIE’s cybersecurity examination initiative, announced in April 2014, to assess cybersecurity preparedness in the securities industry and gather information on common practices and trends among registered firms. The OCIE interviewed key personnel and reviewed documents at 49 registered investment advisers and 57 registered broker-dealers. The OCIE’s findings focused on how registered investment advisers and broker-dealers:

  • Identify cybersecurity risks;
  • Establish cybersecurity policies, procedures and oversight processes;
  • Protect their networks and information;
  • Identify and address risks associated with remote access to client information, funds transfer requests and third-party vendors; and
  • Detect and handle unauthorized activities and other cyber-attacks.

This client alert was prepared by my colleagues Robert Leonard, Michael Mavrides and Christopher Wells.

On April 28, the Securities and Exchange Commission (SEC) released a Guidance Update addressing the importance of cybersecurity and the steps registered investment advisers (and registered investment companies) may wish to consider in light of growing cybersecurity risks. This Guidance Update is the latest instance of the SEC’s increased emphasis on cybersecurity as a priority for advisers. A Cybersecurity Roundtable was hosted by the SEC on March 26, 2014 and the Office of Compliance Inspections and Examinations released a Risk Alert on February 3, 2015 summarizing its cybersecurity examinations of over 100 advisers and broker-dealers.

The Guidance Update provides several measures that advisers may wish to consider when creating a cybersecurity policy. These suggestions are not, however, intended to be comprehensive and advisers should tailor their cybersecurity policies to the particular nature and scope of their businesses.

By Rochelle Emert and Phillip Caraballo-Garrison

On February 3, 2015, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert that summarized its findings about cybersecurity preparedness in the securities industry. As part of its Cybersecurity Examination Initiative, the OCIE collected and analyzed information about cybersecurity practices