According to one compliance expert, about 70% of data breaches involve a compromised user at a given firm. What does that mean for your data security? And how can you protect your firm from internal threats? This week’s FIN News shares insights from the CNBC article, “Financial Advisors: Strengthen Your Data Security Practices,” and includes input from Craig Watanabe, senior compliance consultant at San Diego-based Core Compliance & Legal Services.
Here are key steps to consider:
Enable and follow a strong protocol
- Review your firm’s cybersecurity program. What policies and procedures are currently in place? What are your risks? How do you mitigate them?
- Know who has the right to access client files, firm data, and other books and records.
- Ensure that anti-virus software is up to date.
- Make sure that computers are set to automatically lock out users after a reasonable period of inactivity.
Encryption is everything
- Strengthen your passwords and consider the use of two-factor authentication.
- Consider intrusion-detection monitoring to determine whether outsiders have made hacking attempts.
Have a plan for recovery
- If you suspect your organization was hacked, notify your legal team and determine how best to proceed. From there, work to notify the legal authorities.
- Be sure to review evidence from log files, intrusion detection systems and firewalls, and discuss it with security staff or advisors.
- When working to recover from a data breach, be sure to preserve the evidence.
Still concerned about possible vulnerabilities in your financial organization’s security systems? Our white paper focuses on comprehensive security assessments and discusses fixing security holes before they’re exploited.