Stock market data put at risk by SEC staff's unsecured laptops

Staff at the US Securities and Exchange Commission (SEC) have put sensitive information from a number of stock exchanges at risk after reportedly using unencrypted computers for work purposes, according to Reuters.

Reuters claimed that sources familiar with the matter had revealed that a number of unnamed employees in the SEC's Trading and Markets Division had been using unencrypted laptops.

Some of the laptops in question were reportedly used at the Black Hat security convention earlier in the year - where hackers frequently try to compromise delegate's machines.

If true, it could spell trouble as the department is responsible for making sure stock exchanges take adequate measures to protect the markets from potential cyber threats and systems problems.

The SEC declined to comment when contacted.

However speaking to V3, Trend Micro security director Rik Ferguson highlighted that such an occurrence would not be beyond the realm of possibility.

"Unencrypted laptops are still all too common in almost every sector, this story only confirms that the SEC is no different to other organisations. The line between corporate and personal PC, particularly as laptops have been more common than desktops as corporate stander, has been blurred almost into non-existence," Ferguson told V3.

"As a result people simply don't appreciate the sensitivity or value of what they are carrying on their hard drives and memory sticks. This is also symptomatic of corporate IT policy having been ineffective."

Freguson added the lapse appeared systematic of a wider failure by the SEC to educate its employees on cyber best practice.

"While the employees may be held responsible for taking the laptops to a conference, ensuring that they were properly encrypted at a device level is normally the responsibility of the employer, it if it company-issued hardware."

Reuters reported that there is currently no evidence to suggest a data breach had occurred thanks to the employees' lapse in judgement.

Prior to the news security vendors had issued numerous warnings that the cyber threat facing financial institutions is increasing.

Earlier in the year the Bank of America, JPMorgan Chase and Wells Fargo's websites suffered a number of unexplained outages, believed to have been caused by cyber attacks.

The slew of attacks led the Financial Services Information Sharing and Analysis Center (FS-ISAC) to upgrade its Cyber Threat Advisory status from Elevated to High earlier in September.