
Founder and President Amy Lynch discusses a recent SEC Enforcement action highlighting the importance of cybersecurity policies and processes that are custom-tailored to a firm’s business model, in this case an indie firm. In addition to leveling SafeGuards Rule violations, the SEC charged a firm for the first time under the 2013 Identity Theft Red Flags Rule. Numerous lapses in cybersecurity led to unauthorized intrusions of the company’s proprietary web portal, exposing 5,600 customers’ personally identifiable information (PII) to identity theft. The SEC case cites the lack of appropriate training and improper cybersecurity policies leading to inefficient responses, which Ms. Lynch explains allowed the SEC to successfully identify multiple violations. See IGNITES (subscription required), “Voya’s Lax Cyber Security Failed to Prevent ID Theft: SEC.”