A cease-and-desist order along with a $1 million fine suggests that the Securities and Exchange Commission is getting serious about enforcing the identity theft prevention rules it adopted jointly with the Commodity Futures Trading Commission five years ago.
The recent action against Voya Financial is the first enforcement by either agency of the Identity Theft Red Flags Rules, which require covered financial firms to maintain up-to-date identity theft prevention programs, administered by a board of directors or senior leadership. Entities covered under the rules are required to provide staff training.
The Voya case may indicate that regulators are broadening their data security focus, which has centered on cybersecurity in recent years. Can CFTC action be far behind?
In the Voya case, cybercriminals called the firm’s help desk over a six-day period, impersonating investment representatives and convincing the help desk staff to reset passwords over the phone. Our identity Theft Prevention course covers that and other devious techniques, and teaches your staff how to recognize common red flags.
Learn more about our identity Theft Prevention course here.
Interested in corporate pricing? Click here.