Is Your Financial Firm Secure?
11 Steps To Take For IT Security
Although you lock your doors, have security cameras installed and hire guards to watch your property, your financial firm could still be in danger from cybercriminals and rogue employees. The threat landscape is rapidly becoming much more problematic than has been in the past. Not only are financial firms witnessing an increase in the number of attacks, but these attacks are evolving in sophistication.
Threats From Cybercriminals
FINRA says that financial firms are under siege from cybercriminals bent on stealing sensitive data. And, the Information Systems Audit and Control Association (ISACA) released its “State of Cybersecurity 2018” report — Unfortunately, the IT security landscape doesn’t look good.
- Cyberattacks are increasing.
- Practitioners indicate that the upward trend will continue throughout the near-to-intermediate term.
- Despite the increase in overall numbers of attacks, techniques employed
by attackers remain relatively constant. Some methods of attack (e.g., phishing) show a slight increase relative to other categories of attacks.
- Motivation remains monetary, and ransomware countermeasures are nearing ubiquity.
Another security challenge that financial firms face is with their own people. It’s critical that you recognize this and prevent against it. Half of all businesses suffered insider attacks in 2017. As a financial services firm, you must take extra steps to protect your confidential client data.
Here Are 11 Steps To Take To Secure Your Data
Ask your IT service provider to use technology tools to help you secure your data. They can do so in the following ways:
- Use IT Controls That Limit Access. Your receptionist doesn’t need access to your clients’ financial files. Ask your IT provider for tools like Microsoft Active Directory or other identity-management solutions to ensure only those you want to access data can do so.
- Password-Protect & Encrypt Data. Protect the data itself with hard-to-guess passwords and encryption that scrambles data unless the user has access to a decryption key.
- 3. Implement Mobile Device Management. Ask your IT provider to track the use of computers, laptops, tablets and smartphones in your firm. Mobile Device Management can wipe data from mobile devices remotely if they are lost, stolen or if you believe an ex-employee has your data.
- Logging For Security. There are products that can record everything that occurs on company devices with logging and reporting. These are legitimate software solutions. You can ask your IT professional to direct the software to monitor specific employees and give your managers the right to set policies to review collected data.
- No External Devices Allowed. If you have a server, it’s possible to prevent USB drives or external hard drives from being connected to your computers.
- Data Loss Protection. Data Loss Protection stops data from slipping through exit points such as email, instant messaging, thumb drives, file-sharing services, printers and malware.
- SOCaaS (Security Operation Center as a Service) A Security Operations Center-as-a-Service solution addresses all network security concerns. It delivers 24/7 threat monitoring, advanced analytics, threat intelligence, and human expertise in a combined incident investigation and response.
SOC-as-a-Service provides cybersecurity monitoring for all of your critical devices. It uses advanced analytics and correlation to detect threats and generate automated notifications 24 hours a day, 365 days a year. Then professional security analysts review logging reports for oversight and compliance.
- Implement Backup and Virtualization Systems. Having a way to store digital files safely, is critical to prevent both accidental and purposeful deletions. Make sure you have backups of data that aren’t accessible to those leaving, just in case they decide to delete your files in anger. Ask your IT provider to set up a virtual image-based copy of your IT assets that include all of the applications you use so you can access them if files are deleted.
- Provide Cybersecurity Awareness Training and TestingFor Your Employees. Ongoing training and testing of all your employees reduce the instance of human error that increases cybersecurity risks.
- Develop IT Security Policies. Ask your IT service company to help you outline the rules for downloading or removing proprietary information from your firm. These should also include the use of email, instant messaging and social media to ensure data isn’t transferred in this way. All rules should cover employees’ devices while at work.
Make sure all of your employees sign an agreement that affirms their understanding of these rules and the importance of keeping your firm’s data confidential. Your business partners should be provided separate confidentiality and non-compete agreements.
And, make sure to have proper agreements in place that allow you to seek damages if you discover that data (or paper files) were taken without authorization. You may not realize until months later that a former business partner took off with your digital information.
- Use Technology To Monitor Employees Who Are Planning To Leave Your Firm. Your IT provider can implement technology that can record everything a particular employee does including uploading data, downloading data and any other activity you deem suspicious.
When employees leave, terminate all access to your systems immediately. The key is to move fast to cut off departing employees’ access to your firm’s network, applications, email accounts and cloud storage. Be sure to change passwords on any social media accounts for your business they may have used. Your IT service company can manage this for you.
You must be committed to securing confidential client information and work to be compliant beyond industry standards. This is what’s required for cybersecurity in today’s complex digital world.
For more information on keeping your financial firm’s data secure, contact the IT security experts at Cyber Solutions in Anderson, South Carolina. We’ll assess your IT security and implement a plan to keep your data safe.