Technology Planning That's Critical to Compliance & Risk

Tuesday, May 28th, 2019

Organisations worldwide are subject to industry-specific regulations as well as general statutory requirements. Compliance and risk considerations are particularly vital for firms that must conduct their operations in a manner approved by the relevant governing bodies. In the wider financial services sector, regulators expect firms to be proactive, with risk practices in place to deal with a cybersecurity incident effectively, so that disruption to the firm's operations and clients, and any financial loss, is kept to a minimum. Investors are also increasingly demanding transparency in this area when performing their due diligence. Today's firms must therefore have a robust incident response management plan in place before a cyber incident occurs.

At Eze Castle Integration, we encourage firms to adopt a 'when', not 'if', outlook when it comes to such incidents. Today's blog article looks at the groundwork and key steps firms should take before they are subjected to a cybersecurity incident, so that they are fully prepared to respond effectively.

Step 1: Creating an Incident Response Team

Firms are advised to set up an 'Incident Response Team' to:

•    Respond to computer incidents
•    Manage and facilitate all communication when an incident does occur
•    Notify regulatory agencies and governing bodies
•    Oversee your incident response policy and procedures 

Roles and responsibilities should be assigned to individuals within this team, so that each person knows exactly what is expected of them when an incident does occur. Regular training and tabletop exercises let you assess how employees respond to scenario-specific incidents, identify where there is room for improvement, and give individuals constructive feedback accordingly.

In addition, firms should promote a security awareness culture organisation-wide, so that employees know how to spot and report suspicious activity.

Step 2: Data Classification and Protection 

Classifying data so that it can be protected effectively is another key element to have defined before you are dealing with an incident. Firms need to be thinking about:

•   What information needs protecting? Put yourself in the shoes of a malicious hacker here to determine what kind of information would make your firm an attractive target.

•   Data protection considerations: where information resides, who has access to it, and what data loss prevention safeguards are needed are the key questions at this stage.

•   Frequent inventories of hardware and software devices and systems should be kept, along with an up-to-date network diagram that identifies where your 'crown jewels' are located, so that the right safeguards can be put in place around them.

Step 3: Security Plans to Have Ready to Go

A crucial aspect of preparing for a cybersecurity incident is having the following detailed security plans and features in place:

•    Written Information Security Plan
•    Disaster Recovery
•    Business Continuity Plan
•    Incident Response Plan

This is perhaps the stage that consumes the most time and resources, but each of these plans serves its own purpose and complements the others in ensuring your firm can respond effectively to an incident. Financial regulators around the world expect firms to have these plans in place as good practice, to ensure the safe and sensible delivery of their services and to maintain security for the other firms operating in the same landscape.

Exploring Outsourced Services 

It is wise to assess outsourced expert cybersecurity services. A trusted partner can help with everything from communication and technical response to forensics and legal consultation when an incident occurs. Such partners have a wealth of knowledge and experience in the subject matter and are likely to have handled a range of incidents, small, medium and large, during their tenure, and so can prescribe the right proactive tools for your firm's size and sector.

Watch the full replay of our recent webinar here for more information on Incident Response Planning and for pointers on how to tackle the 'during' and 'post' incident phases.