Since October is National Cybersecurity Awareness Month, this is a good time to reflect on the many high-profile security breaches that have made headlines this year.
Yahoo announced that the security breach it suffered back in August 2013 compromised every single one of its customer accounts. Up to 143 million Americans may have had their sensitive financial information compromised when Equifax was hacked. A detailed forensic analysis undertaken by the Securities and Exchange Commission (SEC) found that information was compromised when the regulator’s EDGAR system was hacked. The WannaCry cyber-attack caused global panic in May, and it was quickly followed by another international cyber-attack, which first hit computer systems in Ukraine and then spread to the U.S. and other countries.
That’s quite a list. In light of these jolting events, the most productive way for financial services and other highly regulated firms to observe National Cybersecurity Awareness Month is to ask themselves if they can answer “yes” to the question, “Are you doing all you can to protect your data properly?”
In order to answer, you have to first ask many other questions.
Do you have a written cybersecurity policy, and do you enforce it across your firm? Do you make an active effort to educate every employee about the role they play in protecting your system from hackers, and how to avoid common mistakes that hackers can exploit? Do you hold regular firm-wide drills so that employees are familiar with how to effectively respond in the event of a breach? Do you update employees about new cyber threats as they emerge?
If you utilize software-as-a-service (SaaS) technology from third-party vendors, do you know for certain that your vendor has a robust cybersecurity program in place? Are all firm-approved devices equipped with multi-factor authentication and other security measures that make it more difficult for hackers to break into systems using an employee’s misplaced or stolen credentials?
These are only some of the numerous questions that you need to ask, and answer honestly, before you can truly know whether or not you and your colleagues are doing all you can to protect your firm’s client data.
If you are unable to answer “yes” to the above questions, then your firm’s sensitive client data may be vulnerable to a cyber-attack.
The cyber threat is expanding so rapidly that even the SEC, which sets and enforces cybersecurity standards for the investment companies under its jurisdiction, has found it difficult to stay one step ahead of cyber-attackers. The SEC’s vulnerability means that smaller firms that lack the resources to hire in-house IT teams aren’t the only ones at risk.
This is why outsourcing IT, including the management and maintenance of cybersecurity operations, to a third-party IT manager that possesses expertise in both IT and your firm’s industry could be a beneficial long-term option. Our own workplace_ solution, for example, enables us to consolidate and manage a firm’s entire IT infrastructure within a secure digital hub that we continually update as new cyber threats and regulations emerge. This can give firms that use workplace_ the peace of mind that stems from knowing an IT expert (which has never suffered a security breach) is on guard 24/7 to ensure that their company data is safe and that their systems are compliant with cybersecurity regulations.
National Cybersecurity Awareness Month comes only once a year, but protecting company systems and data is something that requires vigilance all year long. Every month should be National Cybersecurity Awareness Month, but the best way to commemorate the occasion this year is to conduct an honest evaluation of your firm’s cybersecurity readiness, and find out if your client data is truly protected every month, and every day, of the year.