As fintech evolves and becomes more widespread, regulatory agencies are emphasizing cybersecurity to ensure that firms are protecting their customer and client information.
Both Financial Industry Regulatory Authority (FINRA) and the US Securities and Exchange Commission (SEC) are focusing on more than just anti-money laundering and books and records these days. They’re also increasingly examining firms’ abilities to mitigate and prevent cyber threats.
No matter how small a firm may be, being audited is always a possibility. Here are five strategies firms can use to reduce exposure to cyber threats — and ensure compliance.
1. Create an information security policy
Firms already know to have written supervisory procedures (WSPs) to define approved business activities and how those activities are monitored, reviewed and corrected. Similarly, firms should also have an information security policy, which is one of the first things tech-savvy auditors will ask to examine.
This policy establishes rules and guidelines to dictate how information technology assets and resources should be used, managed and protected. Key tips for creating an information security policy can include:
- Working with reputable privacy law firms
- Auditing all third-party technology vendors
- Avoiding the use of freeware
- Looking into cyber-security insurance
While documenting a policy is important, it’s also critical to have an enforcement and management strategy.
2. Practice simple device hygiene
With more offices shifting to hybrid work environments, it’s more important than ever for employees to lead the charge in protecting sensitive information. Many strategies to minimize accidental information leaks that work in the office can also work when employees are remote.
Employees should continue to:
- Lock device screens when they’re not using the device — and set their devices to automatically lock screens after 15 minutes of inactivity
- NOT install peer-to-peer software
- Enable antivirus, anti-malware and firewall applications
- Only use trusted Wi-Fi networks
- Use a VPN
Firms should also ensure their IT departments keep employee devices updated, including:
- Pushing OS updates or enabling automatic updates
- Taking inventory of all software installed on devices used for business
- Updating antivirus and malware definitions
IT should make it a point to check device settings weekly if not daily. This should be an ongoing project – not something that’s left for critical moments like an audit.
3. Use password management tools
Creating secure passwords is straightforward. Strong passwords often are:
- At least eight characters (the more the better)
- Complex, with a mix of lowercase, uppercase, numbers and symbols
- Routinely changed every two months
However, the challenge most people have is creating a unique password for each account. As the financial industry becomes increasingly tech-savvy, employees will use a broader set of tools, each with its own set of login credentials.
Password managers are a great way to keep track of all the different passwords employees use throughout the day. A password manager acts as an encrypted digital vault that stores secure password login information to access apps and accounts on mobile devices, websites and other services.
4. Use encrypted networks
Employees working remotely can no longer rely on their office’s network to protect transmitted data. Remote employees should:
- Only connect to WPA2-enabled Wi-Fi networks
- Use SSL/TLS or IPsec VPN connections
- Use secure remote desktop tools
While working from anywhere is gaining ground, employees should never use free Wi-Fi networks for transacting business. When using an approved mobile Wi-Fi hotspot, employees should also use a VPN service.
5. Utilize full encryption on all devices
One of the risks of working remotely is that devices such as laptops, tablets and smartphones — while mobile and convenient — are easier to misplace or have stolen.
By enabling device encryption, firms ensure that data stored on a device can be read only by people who are authorized to access it, even if the device itself is lost.
- Use approved full-disk encryption on all devices
- Disk/volume encryption is better than file-level encryption
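The device hygiene checks from strategy 2 (screen lock within 15 minutes, antivirus and firewall on, automatic updates, no peer-to-peer software) and the full-disk encryption requirement from strategy 5 can be turned into a repeatable weekly posture check over an inventory export. The following is an added example, not Smarsh's or the article's own tool: the `Device` schema and field names are assumed, the peer-to-peer name fragments are an assumption to extend per firm, and the three sample devices are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
MAX_LOCK_MINUTES = 15  # idle timeout from the article's checklist
# Constructed name fragments used to flag peer-to-peer clients (assumption, extend per firm).
P2P_MARKERS = ("torrent", "emule", "limewire", "kazaa")

@dataclass
class Device:  # one endpoint as exported by an inventory/MDM tool (constructed schema)
    name: str
    lock_timeout_min: Optional[int]  # None means the screen never locks
    antivirus_on: bool
    firewall_on: bool
    auto_updates: bool
    disk_encrypted: bool
    encryption_scope: str            # "full-disk", "file-level" or "none"
    installed_software: Tuple[str, ...]

def evaluate(device: Device) -> List[Tuple[str, str]]:
    """Return (control, detail) findings; an empty list means every check passed."""
    findings = []
    if device.lock_timeout_min is None or device.lock_timeout_min > MAX_LOCK_MINUTES:
        findings.append(("screen-lock",
                         f"idle lock {device.lock_timeout_min} min, limit {MAX_LOCK_MINUTES}"))
    if not device.antivirus_on:
        findings.append(("antivirus", "antivirus/anti-malware disabled"))
    if not device.firewall_on:
        findings.append(("firewall", "host firewall disabled"))
    if not device.auto_updates:
        findings.append(("auto-updates", "OS updates not pushed or automatic"))
    if not device.disk_encrypted:
        findings.append(("disk-encryption", "no disk encryption enabled"))
    elif device.encryption_scope != "full-disk":
        findings.append(("disk-encryption", f"{device.encryption_scope} only; full-disk required"))
    for app in device.installed_software:  # inventory check for peer-to-peer software
        if any(marker in app.lower() for marker in P2P_MARKERS):
            findings.append(("p2p-software", f"peer-to-peer client installed: {app}"))
    return findings

# Constructed sample inventory for demonstration; not data from any real firm.
SAMPLE_DEVICES = (
    Device("LAPTOP-01", 10, True, True, True, True, "full-disk", ("Outlook", "Excel")),
    Device("LAPTOP-02", 30, True, False, False, True, "file-level", ("Outlook", "qBittorrent")),
    Device("TABLET-03", None, False, True, True, False, "none", ("Mail",)),
)

if __name__ == "__main__":
    for device in SAMPLE_DEVICES:
        findings = evaluate(device)
        print(f"{device.name}: {'COMPLIANT' if not findings else 'NON-COMPLIANT'}")
        for control, detail in findings:
            print(f"  {control}: {detail}")
```

Feeding a real MDM or asset-inventory export into `Device` records gives IT the ongoing record the article asks for, rather than a scramble at audit time.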
Ready to secure your organization?
Your firm may not face a cyber audit in the near future, but it’s a near certainty that it’s under threat of cyberattacks.
Learn how you can protect your organization with end-to-end monitoring, remediation and reporting on cyber risk.
Smarsh serves a global client base that spans the top banks in North America and Europe, along with leading brokerage firms, insurers, and registered investment advisors. Smarsh also enables federal and state government agencies to meet their public records and e-discovery requirements. For more information, visit www.smarsh.com.