This past week, the Commodity Futures Trading Commission (CFTC) settled an enforcement action in which it had alleged that futures commission merchant AMP Global Clearing LLC violated 17 C.F.R. 166.3 (duty of supervision) by failing to diligently supervise implementation of a critical component of its information systems security program (ISSP). As a result, AMP suffered a cybersecurity breach that led to loss of nearly 100,000 files, including customers’ personal identifying information. As a result of the settlement, AMP paid a $100,000 fine and, undoubtedly, faces significant other expenses in dealing with the customers for whom it lost private information. AMP will also have to provide written verification to the CFTC of its efforts to strengthen its network security and ensure compliance with its ISSP….
On Sept. 20, SEC Chairman John Clayton announced that Wall Street’s watchdog, the Securities and Exchange Commission (SEC), was the victim of a cyber hack in 2016. In what ironically amounts to the SEC’s first significant disclosure of its own cybersecurity risks, Clayton stated: “In certain cases, threat actors have managed to access or misuse our systems.” According to Clayton, “[i]n August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.” Hackers apparently exploited a weakness in the SEC’s Electronic Data Gathering, Analysis and Retrieving (EDGAR) system. EDGAR houses financial records for all of the companies listed on stock exchanges in the United States – including domestic and foreign securities issuers and…
At the North American Securities Administrators Association (NASAA) Annual Conference earlier this week in Indianapolis, the NASAA Enforcement Section gave a preview of the results of its annual survey of securities administrators. In that survey, state securities regulators identified binary options, marijuana-related investments, stream of income investments and the cybersecurity of digital currency as the primary emerging enforcement concerns. Binary options. Described by one regulator as “the flavor of the week in terms of investor fraud,” these options, with a fixed expiry time, are all-or-nothing investments. If the option expires in-the-money, the investor gets a fixed amount of cash; if it expires out-of-the-money, the investor gets nothing. Because they are easy to understand and do not require any leverage, state regulators believe relatively unsophisticated…
Continuation of last week’s Cybercrime & Your Company – Failing to Prepare = Preparing to Fail, Part 1.
V. If Your Company Becomes the Next Victim
If your company becomes the next target/victim of cybercriminals, personal information of your employees and customers can be compromised. Sensitive and proprietary data can be stolen and sold to the highest bidder, usually one of your competitors. Financial resources can disappear and the reputation of your business can be ruined.
VI. Key Steps to Protect Your Computer System from the Cybercriminal
How can you protect your computer system from a cybercriminal, a digital terrorist, waiting to wreak havoc upon your company? Here are some key tips: Ensure your employees set strong passwords, change them periodically and…