For all intents and purposes, you should really think about FINRA compliance and cybersecurity as the same thing. While they’re not technically exactly aligned, when it comes to firms like yours, the difference is negligible.
At the end of the day, you need to be secure, in order to be FINRA compliant – are you?
Let’s start with the basics – compliance is determined by your firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information. That means following the three regulations below. Think of them as what’s required of you and how you deal with your data…
1. Keep Data Safe Where Branches Are Concerned
The point of Written Supervisory Procedures (WSPs) is to make sure your branches are as secure as your primary location. No matter how good your onsite cybersecurity is, it does nothing for your branches on its own.
Make sure to dictate exactly how branches are expected to protect data, such as
2. Protect Against Phishing
Phishing is a wildly common cybercrime tactic in which a fraudulent email convinces the recipient to share valuable data, execute a significant financial transfer, or download malware. Phishing succeeds when a cybercriminal uses fraudulent emails or texts and counterfeit websites to get the user to share personal or business information, such as login passwords, Social Security Numbers or account numbers. They do this to rob a user or organization of their identity and/or steal their money.
Cybersecurity awareness training is becoming a more and more common part of modern IT services. The fact is that users are a key target for cybercriminals; the more they know about cybercrime tactics, the better defended your organization will be.
3. Test Your Defenses
You won’t know how strong your cybersecurity is if you don’t test it. That’s why you need to have penetration testing performed on a regular basis. It’s an authorized attempt to break through your organization’s cybersecurity defenses, determining precisely where your vulnerabilities may be.
FINRA recommends running penetration tests both on a regular basis, as well as after key events – anything really that makes significant changes to your firm’s infrastructure, staffing, access controls, or other cybersecurity-based considerations.
4. Make Your Users A Cybersecurity Asset
More often than not, cybercriminals will target your staff. They’re usually the weakest links in an organization. This is why you need to have a carefully implemented process to track the lifecycle of accounts on your network.
5. Keep Data Protected On Mobile Platforms
Just like how your onsite cybersecurity doesn’t extend to branches, it also may not extend to the mobile devices your staff uses for work. This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.
Maintaining mobile security isn’t just about having the right apps – it means following the right protocols, to eliminate unknown variables and maintain security redundancies: