For regulated investment firms, the SEC’s Office of Compliance Inspections and Examinations (OCIE) has prioritized “cybersecurity with an emphasis on, among other things, governance and risk assessment, access rights and controls, data loss prevention [...] and incident response.”
While firms have significantly strengthened their compliance policies, their actual practices still reveal alarming gaps. Behind closed doors, compliance leaders in many firms I get to speak to admit that they lack the tools to sufficiently monitor, audit, and enforce employee web use policy.
Regulators expect firms to make a “reasonable” attempt to ensure oversight and remediate areas of weakness. So what’s getting in the way?
The Web - Asset or Liability? It Depends On the Browser.
Whether research analysts or investment managers use business apps or social media, they rely on the locally installed web browser as their primary tool. It is the very same tool that increasingly leaves firms exposed to risks of data breaches and compliance violations online.