Twitter Hack Reveals Problems at The SEC

Do As I Say, Not As I Do!

An Article Review

While we would like to hope that the regulators in charge of looking out for us would always be following best practices themselves, a recent security breach involving the Securities and Exchange Commission (SEC) goes to show that no organization is immune from lapses in security.

The breach in question involved the SEC’s account on X, formerly Twitter, and resulted in a tweet being issued stating that the organization had approved Bitcoin for use in certain investment vehicles, which caused a brief spike in the cryptocurrency’s value.

As members of Congress gave press statements calling on both the SEC and X to improve their security practices, it became known that the SEC’s account on X was not secured with multi-factor authentication (MFA), allowing the hack to take place.  MFA has been a security option on X for many years and securing accounts with this method has been considered a best practice for nearly as long, making this breach particularly embarrassing for a government agency.

The fact that MFA, a basic, low-effort security option many of us are familiar with on a daily basis, could be overlooked at an organization like the SEC should remind us that seemingly small omissions and lapses in security can happen to anyone.  The lapse that led to the SEC’s account being breached could have been mitigated by layered security such as having MFA enabled, and regular reviews of account settings could have caught the oversight before it became an issue.

As always, the price of cybersecurity is eternal vigilance.

Original article by Yuvraj Malik in Bengaluru writing for Reuters

This Article Review was written by Vigilize.


Matt Jolley is the current Vigilize; he is also the recipient of the 2023 Cyb3rP0e+ designation!
