The Securities and Exchange Commission is warning of security risks the agency has found in advisor and broker-dealer exams associated with the storage of electronic customer records, including those leveraging cloud-based storage.
The May 23 Risk Alert comes as the agency’s Office of Compliance Inspections and Examinations started an exam sweep this week of how RIAs are identifying and monitoring risks to ensure systems, data and nonpublic client information are secured at third parties and the cloud service providers that RIAs use.
During recent exams, OCIE identified security risks associated with the storage of electronic customer records and information by broker-dealers and RIAs in various network storage solutions.
“Although the majority of these network storage solutions offered encryption, password protection, and other security features designed to prevent unauthorized access, examiners observed that firms did not always use the available security features,” the Risk Alert states.
“Weak or misconfigured security settings on a network storage device could result in unauthorized access to information stored on the device.”