Recently I had the opportunity to attend FINRA’s Cybersecurity Conference in New York. To help you evaluate and enhance your firms’ cybersecurity practices, below are some key takeaways on where Financial Services companies are focusing their security efforts now.

  • Security threats come not only from outside the organization but also from within. An employee who clicks on the wrong link can compromise your entire system.
  • Hacking is no longer a “lone ranger” problem. Nations and businesses are doing this full time. It is a very serious threat.
  • Basic blocking and tackling:
    • Create a strong password and change it regularly. Use a password manager such as LastPass to keep track of all your passwords.
    • Reset your password at least every 90 days
    • Use Multi-Factor Authentication wherever possible
    • Implement security patches and updates regularly
    • Make a backup of your files every day – make sure you have a copy at a remote site
    • Scan all devices on a regular basis – third party services can help
    • Document and track all security incidents
    • Know your suppliers – have a good vendor management process
  • Wireless networks are more vulnerable – change your WiFi password once a month.
  • Have a separate guest WiFi network – most routers allow for this.
  • Allow only company devices to access company networks.
    • Have a dedicated company computer; do not use a personal device for business.
  • Know where your data is – keep track of storage location.
  • Conduct risk assessments of both current employees and employees who have left the company.
  • Investigate accidental disclosures – info sent to wrong recipients via email, etc.
  • Implement systematic, regular security training on phishing, malware and recent trends for your employees and yourself. Third-party training modules are available by subscription.
  • Have a data breach plan – communication, steps to recover, and documentation.
  • Have a ransomware plan:
    • Try not to pay the ransom – payment does not guarantee you will receive a decryption key
    • Good systematic backups are critical to recovering from ransomware
    • Keep an “air gap” – store backups periodically at a disconnected location; third-party services are available to help
  • Encrypt your hard drive – Windows includes a free disk encryption program called BitLocker. Full-disk encryption software is available for Macs as well.
  • Document your security policies and procedures – several templates/tools are available to prepare the documents.

When it comes to cybersecurity, there are no magic bullets, but being careful and taking smart precautions can improve your odds of keeping your systems and data safe.


R 18-114