For practical purposes, you should treat FINRA compliance and cybersecurity as two views of the same problem. They are not identical (FINRA's rules cover supervision and recordkeeping as well as data protection), but for a firm like yours the overlap is large enough that a gap in one almost always shows up as a gap in the other.
Do you know where to begin?
Let's start with the basics: examiners judge your cybersecurity program by how well your firm protects the confidentiality, integrity, and availability of sensitive customer information.
That means covering the five areas below. Think of them as what is expected of you and how you handle your data.
1. Keep Data Safe Where Branches Are Concerned
The point of Written Supervisory Procedures (WSPs) is to make sure your branch offices are held to the same security standard as your primary location. Controls that protect the head office do not automatically extend to a branch; a branch with weaker procedures is a path to the same customer data.
Make sure to dictate exactly how branches are expected to protect data, such as:
2. Defend Against Phishing
Phishing, like all social engineering, relies on deception and a sense of urgency.
Cybercriminals send fraudulent emails that appear to come from reputable sources (a custodian, a vendor, a senior executive) in order to get recipients to reveal credentials or other sensitive information, open malicious attachments, or authorize fraudulent transfers.
That's why security awareness training has become a standard part of modern IT services. Users are a primary target; the more they know about tactics like phishing, the better defended your organization will be. Training should be paired with technical controls (email filtering, multi-factor authentication, and a verification step for any payment or account-change request) so that a single click is not enough for an attack to succeed.
3. Don’t Make Assumptions
No matter how much you've invested in your cybersecurity, you can't assume it is effective simply because it is in place. A key best practice is to test your controls regularly to confirm they hold up under a realistic attack and to find vulnerabilities you did not know about.
That's why FINRA recommends penetration testing (an authorized, scoped attempt to break through your firm's defenses) both on a regular schedule and after key events: anything that significantly changes your infrastructure, staffing, access controls, or other security-relevant parts of the firm. A test is only useful if its findings are tracked to remediation and retested, so keep the report, the fix, and the follow-up as part of your compliance record.
4. Involve Your Staff In Cybersecurity
Do your employees have the knowledge they need to defend your firm?
If you're not sure, they probably need training. Security awareness training teaches your employees how to recognize phishing emails and scam websites, and what to do instead of acting on them: verify the request through a known channel and report the message.
A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:
5. Keep Data Protected On Mobile Platforms
It's no surprise that mobile devices have become a central and necessary part of doing business. What might be surprising is how unprepared some firms are for that reality.
Whatever security you have in place at the office does not automatically extend to the mobile and personal devices that can reach your data.
This is an obvious limitation once you think it through: if your endpoint protection and network controls only cover firm-managed office devices, but you allow employees to use personal phones and home workstations to access business data, those unmanaged devices sit outside your defenses and so does the data on them.
That’s why you need to have the right mobile cybersecurity measures in place: