Warren Finkel, Managing Partner of ACE IT Solutions, was recently featured in an article addressing cybersecurity for Risk Professionals.
According to the article, “Regulators in the financial services sector have put cyber security front and center on their list of priorities.” In fact, a St. Louis-based investment advisor was recently charged with failing to ensure the security and confidentiality of its customers' private data.
The GARP article issues a serious warning to all financial institutions, of all sizes and types: “Based on the results of the SEC study and the plethora of cyber attacks on government and big business, it is clear that cybersecurity programs are no longer optional. Cyber threats have become so pervasive and serious that an attack on any firm could be fatal to its existence.”
What can financial firms do to ensure an effective cyber security program?
That was the question posed to Mr. Finkel, who has extensive experience advising financial clients about cybersecurity risk management. The answer includes some key steps:
- Determine gaps and vulnerabilities in your cybersecurity program with regular security assessments.
- Ensure that user controls and password authentication – as well as basic mobile device management, phishing and user training – are in place.
- Develop a comprehensive inventory to identify and classify the firm’s weaknesses and greatest risks.
- Build an overall cybersecurity strategy.
- Establish governing policies and procedures – written policies and procedures must be in place according to the SEC.
- Train employees in cybersecurity awareness.
- Cybersecurity due diligence of vendors and third-party providers should be performed before hiring and giving a vendor access to a firm’s network – and the vendor should be monitored regularly.
- Adopt a dynamic, risk-based cybersecurity plan.
About the Global Association of Risk Professionals (GARP)
As the leading professional association for risk managers, the Global Association of Risk Professionals’ mission is to advance the risk profession through education, training, and the promotion of best practices globally.
Read the full article here: http://www.garp.org/#!/risk_intelligence_detail/a1Z40000002wNc8EAE