As the financial industry advances in technology to increase efficiency and enhance client service, firms face a daunting risk of increased exposure to cybersecurity threats and attacks. The changes in how firms and clients use and interact through technology create a variety of new avenues for intrusion that must be proactively addressed.
Earlier this year FINRA issued its Report on Cybersecurity Practices, which suggests taking a risk management approach to cybersecurity, while noting there isn’t a one-size-fits-all method. The report reviews the results of an industry-wide cybersecurity examination and emphasizes the importance of protecting both investor and firm data. In addition, FINRA outlines effective practices to assist firms with their cybersecurity efforts by determining vulnerabilities in existing systems and analyzing and creating processes to manage risk.
Due to a consistent rise in the number of cybersecurity breaches taking place, advisors need to incorporate security management into their daily practice and ensure everything is being done to protect client and firm data. FINRA’s report provides a list of principles and best practices to guide advisors on cybersecurity and highlights eight key areas:
Senior-level management and board of director engagement and knowledge regarding cybersecurity issues are essential to the framework and success of your firm’s cybersecurity process. Involvement and commitment from leadership are critical for firms to achieve cybersecurity goals.
Every firm faces cybersecurity risk, no matter the size or business model. To understand your risk, be proactive by completing regularly scheduled risk assessments to identify both external and internal areas of vulnerability. If you are not certain your system is free of flaws, a risk assessment is crucial.
Multiple security controls need to be implemented to protect the software and hardware that store and process data. Select controls that are appropriate to your technology platform, such as identity and access management, data encryption, and penetration testing.
FINRA recommends that firms establish policies and procedures, assign roles and responsibilities, and test incident plans for responding to cybersecurity occurrences. FINRA also notes that while it is impossible to address every type of attack, a response plan should outline processes for several different scenarios.
Vendor Relationship Management
Cybersecurity risk that could arise from third-party service providers must be managed by performing due diligence throughout the relationship cycle. Utilize contractual agreements to establish processes for vendors who have access to sensitive data, client information, or firm systems. In addition, develop terms based on the sensitivity level of the information the vendor has access to.
Define cybersecurity training needs and training cycles, and deliver training to all team members based on your firm’s specific points of exposure. Each employee should have a full understanding of your risk assessment process, threat intelligence research, and the proper incident reporting procedures in the event a device is compromised or infected.
Increase Cyber Threat Intelligence
Assign responsibility for cybersecurity intelligence gathering and analysis. The collected data should then be utilized to recognize, discover, and respond to cybersecurity threats. Your firm should also implement an information sharing process to proactively put in place measures that reduce security weaknesses and improve its ability to protect data.
Evaluate insurance coverage for cybersecurity-related events and pay close attention to policy coverages and exclusions. If you hold a cyber-insurance policy, conduct a periodic analysis to review the adequacy of coverage and its ability to reduce the potential impact on your financial statement in the event of an attack.
The Bottom Line
FINRA stated that the report does not create new legal requirements and included the following statement:
“FINRA expects firms to consider the principles and effective practices presented in this report as they develop or enhance their cybersecurity programs. FINRA will assess the adequacy of firms’ cybersecurity programs in light of the risks they face. This report is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.”
Financial advisors are taking cybersecurity seriously by implementing programs and procedures and analyzing systems to ensure that client and firm data is secure and well protected from lurking hackers.