Five Security Practices Your Firm Had Better Get Right (Tech Tips Video)
It's time for another Tech Tip video! Today, we have five security practices your investment firm should not overlook. Watch and learn!
Can't spare 2 minutes to watch? No problem. Take a quick read through these five security best practices:
The cyber threat world is changing fast and hackers have their sights squarely set on the financial industry, so here are five security practices your firm had better get right.
Make sure the security basics are covered. These foundational layers of security include anti-virus protection, network firewalls, web filtering and strong password policies. But you can’t stop there.
Establishing and following access control polices is key. Employees require access to the data necessary to complete their job functions. But beyond that, firms should limit what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.
Engage a real-time intrusion detection and mitigation system for both your on-premise and cloud environments. Be sure to track and observe all network actions to be aware of breaches, attacks or unauthorized access of sensitive information. Beyond monitoring, you need an established incident response team and plan that can swing into action if a breach is identified.
Perform a vulnerability assessment at least annually. It is essential that companies authenticate firewall configurations and anti-virus patching, network device security and evidence of criminal activity. You'll want to know where vulnerabilities exist before implementing additional security measures.
Train your employees and make them cyber-aware. A firm must train employees on handling confidential data and define their responsibilities around cybersecurity. One compromised computer can infect an entire organization, so at least annually, employees should complete security awareness training on a range of topics.