If you want to be FINRA-compliant, then you need to make sure your firm is secure. However, neither effort is necessarily simple.
At first glance, FINRA requirements can be very complicated. At the same time, cybersecurity is a multi-faceted undertaking, involving hardware, software, and your users.
Do you know where to begin?
1. Don’t Forget About Branch Cybersecurity
No matter how secure your main location is, that defense doesn’t automatically extend to the branches you work with. As a part of your “supply chain”, branches need to be as secure as you are.
That’s the point of Written Supervisory Procedures (WSPs). They make sure your branches are as secure as your primary location. No matter how good your onsite cybersecurity is, that doesn’t mean anything to your branches.
Double-check that your branches have the following in place:
2. Defend Against Phishing
Phishing (and all social engineering techniques) is about the element of surprise.
It’s a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
That’s why cybersecurity awareness training is becoming a more and more common part of modern IT services. The fact is that users are a key target for cybercriminals; the more they know about cybercrime tactics like phishing, the better defended your organization will be.
3. Don’t Make Assumptions
No matter how much you’ve invested in your cybersecurity, you can’t just assume it’s effective enough to protect you against cybercriminals. A key best practice for cybersecurity is to regularly test your measures to make sure they hold up in the event of an attack, and to identify any unseen vulnerabilities that are putting you at risk.
That’s why FINRA recommends running penetration tests (an authorized attempt to break through your organization’s cybersecurity defenses) both on a regular basis, as well as after key events – anything really that makes significant changes to your firm’s infrastructure, staffing, access controls, or other cybersecurity-based considerations.
4. Involve Your Staff In Cybersecurity
Do your employees have the knowledge they need to defend your firm?
If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:
5. Keep Data Protected On Mobile Platforms
It’s no surprise that mobile devices are continuing to become a central and necessary part of the business world. What might be surprising is how unprepared some businesses are for that reality.
No matter what kind of cybersecurity you have in place at the office, it won’t extend to the mobile devices that have access to your data.
This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.
That’s why you need to have the right mobile cybersecurity measures in place:
Like this article? Check out the following blogs to learn more:
Are you starting the New Year with Old Technology?
The Cost of Running Outdated Technology in Your Construction Company