Mimecast: How New SEC Guidelines Could Shape Email Security

While maybe not the first priority on a broker's list, cybersecurity has become one of the most important fields in safeguarding the data and privacy of investors. And with SEC guidelines around cybersecurity in constant flux, it's vital to keep one's practices as up to date as possible.

Email security is one of the fields that has seen recent changes. It is important to break down how these new regulations will affect the way one uses secure email services to communicate and store information, so let's get started.

Access Rights

The SEC requires that a company have policies in place to monitor access to all personal and private data on the network. This includes having security measures in place to permit only employees or other authorized persons to access the network, as well as having ways of tracking how these permissions are granted.

Think of this policy as a way of keeping an entrance log for the IT network. Not only will these access rights act as the first wave of security measures against cybercrime, they are also a great way of monitoring access history in case a cyberattack should ever occur. 

Data Loss Prevention

Another policy of the SEC is that investment advisors and brokers must have systems in place to both classify data by confidentiality and monitor it for possible loss or corruption. These types of policies also apply to data transferred through private emails and messages.

This means that a company will need to classify data based on the information's risk level (low, medium, or high) as well as find a way to detect data loss should it ever occur.

Having a robust cybersecurity platform that can both archive data and classify it will go a long way in data loss prevention. While its primary job is to ensure data protection, it will also help the company follow SEC cybersecurity guidelines and reassure one's clients that their data is being safeguarded properly.

Employee Training

Any investment broker, advisor, or firm will also need to keep strict documentation on their employees' cybersecurity training. This includes documenting how one should advise their employees to use email and messaging services.

Since emails are some of the most common target points for cybercriminals, one should train employees on the various risk factors that accompany using a company email. Phishing scams and identity impersonation can infiltrate the IT network through email, so it's absolutely necessary to keep a history of how employees have been trained to use it.

Response Practices

Lastly, should the worst ever occur and the company experience a cyberattack, one will need to have policies in place that give clients and employees the best possible course of action to address the losses and damage. This includes taking the necessary measures to understand how the attack occurred, which may include auditing the company's emails to see if any fraudulent activity is detected.

A company should get as much information as it can after the attack has happened, and have a policy in place that communicates the nature of the incident to clients and investors. That way, one won't have to worry about SEC compliance in addition to a cyberattack. 

Contact: michael.bertini@iquanti.com

Source: Mimecast

About Mimecast

Mimecast is the company solving the top cyberattack vector - email. We deliver relentless protection for tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges.