How to Keep Your Financial Services Compliant
Cybersecurity is an issue for every business, including your financial services business, and the financial sector must meet a higher standard of compliance than most. According to FINRA.org, “broker-dealer firms routinely identify cybersecurity as one of their primary operational risks.”
Obviously, there is more to meeting regulatory standards than we address in this article, but you’ve got to start somewhere. Here are just a few questions to get you thinking.
Security Patches – Do You Have a Patch Management Procedure?
When most people hear the words “security patches,” they think of Microsoft, with good reason. There are approximately 1 billion Windows PCs being used in the world today. While Microsoft dominates the software used by businesses across the world, its products are not the only software that needs to be patched regularly.
Internet browsers and plug-ins, line-of-business apps like QuickBooks, even the software that runs your firewall, Wi-Fi access points, and network switches should be routinely patched with the manufacturer’s latest security updates. Mitigation strategies universally list security patching as an essential practice to prevent cybersecurity incidents.
Asset Inventory – Do You Use an Asset Tracking System?
If you don’t know what you have, you can’t know what you need to protect. Sure, you can walk around the office and count how many desktop computers are in use, but what about laptops? What about multi-function printers that store scanned data? Do you have an accurate and active inventory of every electronic device that has interfaced with your network throughout the past several years?
Have you considered your employees’ mobile devices? Your former employees’ devices? Even if we assume that they never connected to your system, never accessed any company data, and never logged into your line-of-business applications, can you still be certain that they don’t contain sensitive data? In many cases, our smartphones are always listening, just in case we say “Siri” or “Hey Google.” Have you ever discussed a client’s financial data while your phone is listening?
Security Awareness Training – Are You Training Your Staff?
In its Report on Selected Cybersecurity Practices, FINRA wrote, “Many of the data breaches FINRA has observed occurred because well-intentioned employees or other users made preventable mistakes.”
In his article titled “15 Alarming Cyber Security Facts and Stats,” Devon Milkovich reports that 95% of cybersecurity breaches are due to human error. Combine that with the fact that there is a hacker attack every 39 seconds, and you should have all the information you need to start taking Security Awareness Training seriously.
If you’re not providing SAT (Security Awareness Training) to your employees, you’re playing with fire. That’s a dangerous game because getting burned (aka breached) will put most financial services companies out of business – completely.