Whether you own a broker-dealer business or you are an individual broker, you can easily become the target of cyber attacks.
Protecting yourself against such attacks is not an easy task, as they are becoming increasingly sophisticated and frequent. FINRA regulations were created precisely to help companies in the financial industry steer clear of danger.
FINRA (Financial Industry Regulatory Authority) is the largest non-governmental agency that provides regulatory services for the financial industry in the United States by creating and enforcing guidelines for members based on the federal securities laws.
They take things seriously, as shown by their cyber security rules, which are no joke. Here are a few examples:
Cyber security risk assessment is a must
FINRA regulations say companies should run comprehensive assessments on a regular basis in order to identify cyber security risks related to business assets and vendors. It’s always better to prepare and prevent than to repair and repent, so this should definitely be a priority.
Whether the organization you run is small or big, risk assessments are critical for keeping a sound business infrastructure.
Businesses should implement technical controls
In order to keep your data safe, you need to make sure the software and hardware that store and process that data are protected. You can do this by:
- Implementing a Defense-in-Depth strategy.
- Following the 20 Critical Security Controls that SANS recommends to better protect commercial and government networks from cyber attacks. These best practice controls have been endorsed by a consortium of very security-conscious U.S. government institutions including the NSA, DoD, Department of State, and Department of Energy Nuclear Laboratories.
- Assessing your company’s technology and threat environment, and choosing technical controls accordingly.
It’s better to have a plan if a cyber attack occurs
If a cyber security incident takes place, it’s going to be hectic. That’s why it’s best to have a well-thought-out incident response strategy in place, just in case. FINRA regulations state that companies should establish policies and procedures, as well as roles and responsibilities, to respond to attacks efficiently.
Simply put, the entire staff needs to know exactly what they are supposed to do and how to do it in the event of such an incident.
FINRA regulations say training the staff is important
In order for employees to be able to respond well in case of a cyber security emergency, they need to be properly trained. Organizing interactive training with audience participation is a great way to increase retention and help the staff learn.
Experience is the best teacher, so the training should include information from the company’s loss incidents and risk assessment process.
Consider cyber security monitoring
As cyber attacks are multiplying in frequency and cost, cyber security needs to be a joint effort between the industry, regulators, and policymakers. In this day and age, businesses of all shapes and sizes have to be able to address cyber security challenges.
FINRA regulations can help businesses in that effort. The rules they’ve created emphasize just how important risk assessment and cyber security monitoring are in today’s business climate. However, it’s not easy to detect and respond to threats, especially if you have a limited budget and a small security staff.
Even so, cyber security needs to be a priority.
Essentially, for most small to medium-sized financial services firms, cyber security monitoring is not a technology issue; it is a resource issue.
All in all, creating and implementing a comprehensive defense-in-depth security strategy can be a daunting task.
To learn more about effective cyber security monitoring, vulnerability assessments, and defense-in-depth strategies, contact us using the form below or call one of our security gurus at 412-931-1111 to find out how you can make the most of existing security investments, reduce risks, and defend your business on all fronts.