Building your cyber security foundation
The financial services industry is a significant target for cyber criminals, perhaps second only to the federal government. Creating a robust cyber security program that incorporates technology professionals and processes as early as possible in the lifecycle of a firm is essential to ensure that good practices and habits are created and embedded from a firm’s inception.
Actions you can take to mitigate your cyber security risk
It’s no longer a matter of ‘if’ you will be attacked but ‘when’, and of assessing what the scope of the damage may be. To mitigate your cyber security risks, there are a number of actions you can take now:
- build your cyber security foundation on regular technology risk assessments, carried out on at least a biennial basis.
- create robust written information security policies and review them on an annual basis.
- conduct annual cyber security training and run phishing campaigns for all staff.
- ensure that the business, and not only IT, tests your backups and recovery strategy on a regular basis.
- conduct executive-level tabletop cyber security exercises across all aspects of the business as well as an IT-focused exercise.
- scan your perimeter weekly for vulnerabilities and have a third party scan your internal networks to confirm that patches are being applied correctly.
- ask questions of your vendors about their cyber security program and conduct diligence as necessary.
- ensure your office premises are physically inspected for security; implement a ‘clean desk policy’ and lock individual office doors when not in use.
- for PE firms, conduct portfolio company oversight and ensure that portcos report regularly on cyber security.
If you would like to find out more about how our team of dedicated cyber security advisors can help you with your specific requirements, please contact us below.