FINRA Releases Notice on Cybersecurity Measures in Light of COVID-19 Pandemic

By Katherine Mooney Carroll, Jonathan S. Kolodner, Alexis Collins, Rahul Mukhi & Adam Motiwala on March 27, 2020

As firms respond to the ongoing coronavirus pandemic by increasingly transitioning to remote and telework arrangements, the Financial Industry Regulatory Authority (“FINRA”) issued an alert on measures that firms and associated persons can take to address resulting cybersecurity vulnerabilities:

  • Measures for Firms. Firms should take steps to ensure network security. This may include providing employees with secure connections (through the use of virtual private networks (“VPNs”) or secure sessions with multi-factor authentication, for example) and regularly evaluating privileges to access sensitive information.
    • Firms should also consider training staff on how to securely connect to the firm’s network from remote locations while avoiding potential scams or cyberattacks, and to alert the firm’s IT support staff about potential fraudsters seeking to exploit remote work arrangements by impersonating firm personnel.
  • Measures for Associated Persons. Associated persons should utilize a secure connection to access a firm’s network and ensure that their wireless connections use stringent security protocols, their devices are using up-to-date software and non-default login credentials, they are using anti-virus and anti-malware software, and they secure their device when working in public areas.  Associated persons should also review firm policies on storage and back-up of information, particularly where customer personally identifiable information is being accessed on personal devices.
    • Associated persons should be aware of fraudsters using the current situation as a cover for cyberattacks, for example by impersonating “Helpdesk” personnel or engaging in traditional phishing scams. They should also consider their role in a firm’s incident response plan, including who they should contact and when.

The alert notes that it “does not create any new legal requirements or change any existing regulatory obligation.”  For additional guidance on cybersecurity considerations for firms as they respond to the ongoing pandemic, please see our prior posting on the subject.

Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

Alexis Collins

Alexis Collins’ practice focuses on litigation, including criminal and regulatory enforcement matters and complex civil and antitrust litigation.

Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

  • Posted in:
    Other
  • Blog:
    Cleary Cybersecurity and Privacy Watch
  • Organization:
    Cleary Gottlieb Steen & Hamilton LLP
