Cybersecurity steps to take now to prevent an attack

We have become accustomed to seeing headlines about major cyberattacks or cybersecurity violations in a range of industries, from internet and technology companies to large retailers and national healthcare systems. But financial advisors have always been a particularly attractive target for cyberattacks, with one in five wealth managers reporting data breaches over the past five years in the Survey on the state of cybersecurity in Arizona 2022. It is a situation that has only intensified with the industry's COVID-era move to digital communication.

Raghu Valipireddy

And with new rules proposed by the SEC in February, there is more urgency on the cybersecurity risk management front for financial advisors. These rules would create standards that require advisors to adopt and implement written cybersecurity policies and procedures designed to address the risks that could harm clients. They would also require advisors to report significant cybersecurity incidents to the SEC in a new section of the ADV form.

Also under the proposed rules, advisors should publicly disclose cybersecurity risks and significant cybersecurity incidents that have occurred in the last two fiscal years in their brochures and registration returns. The rules would also establish new advisory record-keeping requirements designed to improve the availability of cybersecurity-related information and help facilitate the SEC’s inspection and enforcement capabilities.

This is in addition to the CFP Board Code of Ethics and Rules of Conduct, which requires financial advisors to take reasonable steps to protect the security of all non-public client information that is stored electronically. FINRA has also provided cybersecurity guidance for financial advisors. Taken together, this means that advisors can no longer simply react to cybersecurity incidents after the fact. Instead, you need to take proactive steps to protect your business and your customers’ data from cyberattacks.

According to the Arizent survey, financial advisors consider malware or ransomware attacks to be the biggest potential cyber threat to their business (listed by 60% of respondents). Next came data breaches by hackers or another criminal element (52%), phishing or spear-phishing (50%) and an unwanted breach caused by an external provider (41%).

The good news is that many financial advisors recognize the danger that cyberattacks pose to their businesses. According to a 2022 survey conducted by PricewaterhouseCoopers, 48% of CEOs of wealth management companies consider cyberattacks to be the biggest threat to their future growth. More importantly, they are taking proactive steps to protect themselves from cybercrime. For example, more than three-quarters of respondents require two-factor authentication to log into their systems, and according to the Arizent survey, about half do routine and third-party vulnerability assessments. Approximately the same percentage say they plan to increase spending on cybersecurity this year, and half plan to increase spending by 10% or more.

But advisors fall short in some areas of building solid cyber defenses. For example, only 21% perform tests in which they or an external entity attempt to break into their systems. And only about a third periodically test what they would do if a data breach or cyberattack occurred, according to Arizent’s survey.

Protecting yourself from cyberattacks and minimizing potential damage if an attack occurs requires planning and diligence. Here are six practical steps you can take now to protect your business.

1. Educate your staff about cybersecurity risks
The main point of entry for cybercriminals is often not technology, but people. This makes it critical to train your employees to recognize common cybersecurity threats and take action against them. Remember: your company’s defenses are only as strong as your weakest link. It takes only one employee clicking on a scam link to potentially expose your entire company to an expensive cyberattack.

2. Test your infrastructure and computer systems regularly
The best way to test your systems is to perform “white hat” exercises or penetration tests where team members or an outside entity, such as a security consultant, try to hack your system or investigate weaknesses. Some cybersecurity experts recommend performing these tests every 12 or 18 months. The test will help reveal specific cybersecurity risks and deficiencies that you can focus on eliminating.

3. Create an incident response plan
Even if you take all the recommended precautions, there is still a decent chance of being the victim of a cyberattack. This makes it critical to have a plan on how to respond and minimize potential damage. Your incident response plan should detail the procedures your company will follow after a cyberattack, including the specific roles of key personnel.

4. Back up regularly and keep your operating systems up to date
Ransomware, a type of cyberattack in which thieves steal data and hold it for ransom, has become one of the most common types of attack. Backing up your data regularly is the best defense against ransomware, as it takes away the criminal's leverage. If operating systems are not upgraded, systems are vulnerable to attacks because updates cannot be applied automatically to obsolete systems. Avoid this by enabling automatic updates for all your phone systems, software, and applications.

5. Use MFA
Passwords are an essential part of maintaining security, but they are not foolproof. Too often, passwords are reused or not strong enough to withstand a brute force attack. MFA, or multifactor authentication, is a digital authentication method based on two or more user verification factors. Whenever an account offers MFA or 2FA security measures, use them. Disabling MFA is a security risk that you can no longer afford.

6. Supervise the cybersecurity practices of your vendors
Lax cybersecurity by external vendors could put your business at risk. In fact, 63% of data breaches come from the vulnerability of a third party, according to the SEC.
