Even the Securities and Exchange Commission (SEC) can get hacked – and the recently announced cyber-attack against the SEC is providing an important wake-up call for U.S. companies regulated by the powerful agency and the attorneys they work with.

David Axelrod, a former SEC attorney now working at Ballard Spahr, said there are two important takeaways from the SEC hack. “First, no company or agency is hack-proof,” he said. “This incident shows that if a company does not think it’s been hacked, they either don’t know that they have been or it’s only a matter of time.”

Second, this incident also shows that hackers are attacking “the gate-keepers,” he added. “They’ve attacked law firms and business wire firms, and now they have attacked the ultimate gate-keeper, the SEC. This incident shows that companies that are in the business of working with publicly-traded companies, such as law firms, accounting firms, consultant groups, must know they have a target on their backs.”

“Every public company has to assume that cyber criminals want their material non-public information,” Axelrod warned. “This means two things. First, it means that companies need to devote resources to sufficiently protect their data. Second, it means that companies need to be very careful about choosing third-parties to work with and share their data with.”

The SEC breach follows a 2015 breach at the Office of Personnel Management (OPM). That breach into the OPM impacted more than 21 million people.

Read the full article here. Subscription may be required.