Cybersecurity practices remain a key focus for both the Financial Industry Regulatory Authority (FINRA) and the U.S. Securities and Exchange Commission (SEC). An article in Forbes magazine summarizes five best practices cited by these organizations to mitigate the risk of cyber attacks:
FINRA has found that although Boards of Directors are actively focused on cybersecurity, up to two-thirds of companies were found during its regulatory exams to have deficiencies or weaknesses in their policies and procedures. Cybersecurity policies need to be specific and articulate the procedures necessary for implementation.
- Risk Assessment
Risk assessment should be an ongoing process as opposed to a single point in time. Companies should gather and evaluate indicators of potential risks on a monthly, quarterly and annual basis. They should also look to what’s happening at other organizations and other industries, both to gain best-practice ideas and to help thwart attackers’ plans.
- Cybersecurity Training
Because employees represent the biggest risk, training needs to be conducted regularly and be varied in both method (such as in-person, email, blogs) and topic (such as passwords or visitor access). Show employees what good cyber behavior looks like so they may bring those practices home with them to protect their families and personal systems, as well.
- Access Management
While the SEC watches how organizations conduct reviews of access rights periodically, it is estimated that about half either do not follow policies and procedures for terminating access rights, or inadvertently provide unauthorized system access to users contrary to established policy. Best practice is for any remote access to a core network to be protected by two-factor authentication.
- Vendor Management
Risk from vendors needs to be addressed and constantly vetted and assessed. One idea calls for the business to obtain permission before bringing on any new vendor that handles, touches, or stores data. To make it easier, create a list of pre-approved vendors.
The team of professionals at The Reschini Group can help assess your cybersecurity exposures and offer comprehensive insurance solutions to transfer cyber risk and protect your company. Contact us to learn more.
Copyright 2019 The Reschini Group
The Reschini Group provides these updates for information only, and does not provide legal advice. To make decisions regarding insurance matters, please consult directly with a licensed insurance professional or firm.