The LeGaye Law Firm Shares Best Practices in Light of Targeted Sweep Exams on Cybersecurity Being Coordinated Between CFTC, SEC and FINRA
The Woodlands, Texas (PRWEB) April 24, 2014 -- In light of the targeted cybersecurity sweep exams being coordinated between the CFTC, SEC and FINRA, The LeGaye Law Firm has provided an overview of preliminary steps to achieving and maintaining an increased level of cybersecurity.
Registered investment advisers and broker-dealers must implement a systematic approach to identifying areas of security vulnerability.
Step 1 - Create a detailed inventory of the firm's devices and systems, including software and applications, and catalogue the firm's network connections to external sources. It is very important to know how customer data flows through the organization and the points, both internal and external, at which that information might be susceptible to a breach.
Step 2 - Make sure that the firm's resources are protected in proportion to the sensitivity of the information they store. Ensure that every device, system and application restricts access to those who need it and is protected by strong passwords.
Step 3 - Perform a risk assessment at least annually to identify new cyber threats and address any vulnerabilities in the firm's current security systems. Risk management processes should incorporate the standards recommended by the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO).
Step 4 - Appoint a person to oversee the cybersecurity program. That person's responsibilities include the annual assessment, limiting access to sensitive data and risk management tools to appropriate personnel, and overseeing the training of all staff members and customers in identifying and reporting potential security breaches.
Step 5 - Encryption is now commercially available and should be used when transmitting customer, employee or other confidential data electronically. Where that is not possible, confidential data should at least be redacted from documents, or the documents should be password protected; a password-protected document is a weaker fallback than encrypting the transmission itself.
Step 6 - Update policies and procedures to state who will be granted access privileges, which resources each business function may access, and the process for changing or removing access when an individual is transferred or terminated.
Step 7 - Schedule regular system updates, including security patches, protection of internet-facing functions, and reviews of third-party systems and service providers. Removable media and mobile devices should be covered by their own security procedures.
We all have a responsibility to our customers to provide a secure and well-maintained business environment. While these best practices can be used as a guide, they do not account for all of the fast-growing, ever-changing and increasingly sophisticated cyber threats being unleashed on unsuspecting businesses and their customers. Stay alert! If something seems suspicious, it probably is.
Daniel E. LeGaye, The LeGaye Law Firm PC, http://www.legayelaw.com, +1 281-367-2454, [email protected]