Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

FINRA Releases Notice On Cybersecurity Measures In light of COVID-19 Pandemic

By Katherine Mooney Carroll, Jonathan S. Kolodner, Alexis Collins, Rahul Mukhi & Adam Motiwala
March 27, 2020
EmailTweetLikeLinkedIn

As firms respond to the ongoing coronavirus pandemic by increasingly transitioning to remote and telework arrangements, the Financial Industry Regulatory Authority (“FINRA”) issued an alert on measures that firms and associated persons can take to address resulting cybersecurity vulnerabilities:

  • Measures for Firms. Firms should take steps to ensure network security.  This may include providing employees with secure connections (through the use of virtual-private networks (“VPNs”) or secure sessions with multi-factor authentication, for example) and regularly evaluating privileges to access sensitive information.
    • Firms should also consider training staff on how to securely connect to the firm’s network from remote locations while avoiding potential scams or cyberattacks, and to alert the firm’s IT support staff about potential fraudsters seeking to exploit remote work arrangements by impersonating firm personnel.
  • Measures for Associated Persons. Associated persons should utilize a secure connection to access a firm’s network and ensure that their wireless connections use stringent security protocols, their devices are using up-to-date software and non-default login credentials, they are using anti-virus and anti-malware software, and they secure their device when working in public areas.  Associated persons should also review firm policies on storage and back-up of information, particularly where customer personally identifiable information is being accessed on personal devices.
    • Associated persons should be aware of fraudsters using the current situation as a cover for cyberattacks, for example by impersonating “Helpdesk” personnel or engaging in tradition phishing scams. They should also consider their role in a firm’s incident response plan, including who they should contact and when.

The alert notes that it “does not create any new legal requirements or change any existing regulatory obligation.”  For additional guidance on cybersecurity considerations for firms as they respond to the ongoing pandemic, please see our prior posting on the subject.

Photo of Katherine Mooney Carroll Katherine Mooney Carroll

Katherine Mooney Carroll’s practice focuses on advising U.S. and international financial institutions on U.S. regulatory matters, including recent reforms pursuant to the Dodd-Frank Act, regulatory aspects of bank M&A, cybersecurity and privacy matters, and compliance with U.S. sanctions and anti-money laundering laws.

Read more about Katherine Mooney CarrollEmail
Photo of Jonathan S. Kolodner Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

Read more about Jonathan S. KolodnerEmail
Photo of Alexis Collins Alexis Collins

Alexis Collins’ practice focuses on litigation, including criminal and regulatory enforcement matters and complex civil and antitrust litigation.

Read more about Alexis CollinsEmail
Photo of Rahul Mukhi Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

Read more about Rahul MukhiEmail
  • Posted in:
    Privacy & Data Security
  • Blog:
    Cleary Cybersecurity and Privacy Watch
  • Organization:
    Cleary Gottlieb Steen & Hamilton LLP
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Redefined Blog
  • Global Trade Law Blog
  • The Quick Take
  • Consumer Privacy World
  • Energy Law Report
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog