Chapter 5: Ethical Practices and Obligations - N. Cybersecurity, Privacy, and Data Protection Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

Cybersecurity overview

A

Cybersecurity is becoming a growing concern with both broker/dealers and Investment Advisers. SEC, FINRA, and state securities regulators are expanding their regulations concerning cybersecurity based on recent enforcement actions related to cyber breaches. To this end, financial firms should step back and reassess their policies and procedures related to cybersecurity and the protection of customer identification. For example, registered investment advisers and broker/dealers should implement a systematic approach to identify areas of security vulnerability.

The financial services industry has a responsibility to its customers to provide a secure business environment. While these best practices can be used as a guide, there remains a constant need to update your firm’s system and procedures to account for the fast-growing, ever-changing, and more sophisticated cyber threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cybersecurity recommendations

A
  1. Create a detailed inventory of your firm’s devices and systems including software and applications. Make sure to catalogue the firm’s network connections from external sources: “Know how your customer’s data flows through the organization, and the points (both internal and external) susceptible to breaches!”
  2. Ensure all devices, systems and applications have both restricted access and strong password protection.
  3. Perform regular risk assessments at least annually to identify potential new cyber threats and address any vulnerability.
  4. Incorporate standards set by National Institute of Standards and Technology (NIST) or International Organization of Standardization (ISO).
  5. Appoint an officer to oversee the cybersecurity process, including:
    - Annual assessment;
    - Controlling access to sensitive data;
    - Risk management tools; and
    - Training staff on customer identification and reporting potential security breaches.
  6. Utilize encryption when transmitting customers’, employees’ or any confidential data electronically. In the alternative, confidential data should at least be password protected. Additionally, encrypt customer information located on your server.
  7. Update policies and procedures to include who will have access privileges, based on their business function, and the process of changing and/or removing access when an individual is transferred or terminated.
  8. Regularly schedule system updates to include:
    - Software patches to improve security;
    - Internet function protection;
    - Third-party system and service provider reviews; and
    - Separate security protocols for removable and mobile devices.
  9. Build a recovery process into your cybersecurity procedures. The question is not IF there will be a breach, but rather, WHEN there will be a breach.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly