There may have been a time when an annual employee training program on cybersecurity was enough to satisfy regulators that an advisory firm was taking the threats of hackers and other malicious actors seriously.
The Securities and Exchange Commission has made no secret that it expects more from firms in the area of cybersecurity, identifying the issue in its recent exam priorities letters, conducting sweep exams focused on firms' cyber policies and procedures, and, most recently, announcing the establishment of a dedicated cyber unit.
TD Ameritrade recently launched a campaign to promote the message to its registered investment advisers that a strong, dynamic cybersecurity training program is an essential element of a modern practice. A key part of that effort is the notion that employee training must be ongoing, that policies to protect the firm's systems and information aren't just a set-it-and-forget-it proposition. MORE