Publications
Tips for Fund Managers Responding to Cyberattacks
December 2021
In 2021, private fund managers faced a persistent wave of cyberattacks with potential to inflict devastating harm. In a ransomware attack—the fastest-growing type of cyberattack—perpetrators threaten to take action that would result in a wholesale inability to access critical systems if the ransom is not paid.
Cyberattacks continue to grow in frequency and scope, as new reports claim that the group responsible for the SolarWinds attack targeted more than 600 organizations with nearly 23,000 attacks in its latest campaign.
The Securities and Exchange Commission has been increasingly aggressive in enforcing requirements for managers to maintain reasonable cybersecurity policies.
While many fund managers have stepped up their cybersecurity programs, cybercriminals continue to develop new ways to circumvent security measures. As fiduciaries that hold sensitive financial information, fund managers should be periodically evaluating and testing their preparedness for a cyber event.
The foundation of an effective cybersecurity breach response is the development and maintenance of an incident response plan. An IRP can be included as part of, or attached to, the firm's information security policy. By establishing policies and identifying resources for responding to a cyberattack before it happens, an IRP frees up resources to focus on assessing the nature of the specific attack at hand and taking measures to remediate and contain it.
Related People
Attachments
Related Insights
Alerts
On Feb. 16, 2024, the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the United States Department of the Treasury (“Treasury”), issued a notice of proposed rulemaking (“Proposed Rule”)[1] continuing the process of implementing regulations to combat illicit finance risks posed by abuse by some in the real estate market. The Proposed Rule would require certain persons involved in residential real estate closings and settlements to submit reports (“Real Estate Reports”) and keep accurate records of certain non-financed transfers of US residential real property. The reasoning behind the Proposed Rule is explained extensively in FinCEN’s December 2021 Anti-Money Laundering Regulations for Real Estate Transactions Advanced Notice of Proposed Rulemaking, which discusses “the opacity of shell companies or other legal entity structures to mask true beneficial ownership of a property and their involvement in real estate transactions.”[2]
Alerts
The Federal Trade Commission (“FTC”) passed its long-anticipated final Non-Compete Rule broadly prohibiting the use of worker non-competition restrictions. The Non-Compete Rule is scheduled to be published in the Federal Register on May 7, 2024, and become effective 120 days later, on Sept. 4, 2024. To the extent the Non-Compete Rule is more restrictive than a state or local law, the Non-Compete Rule will supersede such other law. However, the validity of the Non-Compete Rule is already being challenged in three separate court cases and its effective date may be delayed.
Alerts
On Feb. 16, 2024, the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the United States Department of the Treasury (“Treasury”), issued a notice of proposed rulemaking (“Proposed Rule”)[1] continuing the process of implementing regulations to combat illicit finance risks posed by abuse by some in the real estate market. The Proposed Rule would require certain persons involved in residential real estate closings and settlements to submit reports (“Real Estate Reports”) and keep accurate records of certain non-financed transfers of US residential real property. The reasoning behind the Proposed Rule is explained extensively in FinCEN’s December 2021 Anti-Money Laundering Regulations for Real Estate Transactions Advanced Notice of Proposed Rulemaking, which discusses “the opacity of shell companies or other legal entity structures to mask true beneficial ownership of a property and their involvement in real estate transactions.”[2]
Alerts
The Federal Trade Commission (“FTC”) passed its long-anticipated final Non-Compete Rule broadly prohibiting the use of worker non-competition restrictions. The Non-Compete Rule is scheduled to be published in the Federal Register on May 7, 2024, and become effective 120 days later, on Sept. 4, 2024. To the extent the Non-Compete Rule is more restrictive than a state or local law, the Non-Compete Rule will supersede such other law. However, the validity of the Non-Compete Rule is already being challenged in three separate court cases and its effective date may be delayed.