No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

Cyber Risk Continues to Plague Financial Services

4 Key Areas of Focus to Strengthen Cybersecurity

by Martin Passante
July 19, 2019
in Featured, Financial Services
businessman touching virtual screen to unlock data, concept of global cybersecurity

The eventuality of a cyber attack is cause for concern for all kinds of organizations, but lately the financial services industry has been especially afflicted. Drawbridge Partners’ Martin Passante explores the growing cybersecurity threat in financial services and how firms can proactively prepare.

Cybersecurity is a growing concern for firms in the financial industry. Whether it is via social engineering or malicious outsiders hacking into a network, cybercrime is on the rise and people are taking notice. Without proper security controls in place, firms’ networks are at risk of intrusion.

Without proper logical and technical controls in place, firms’ employees are more susceptible to phishing and social engineering attacks – the root cause of a great majority of cyber breaches. Firms are also vulnerable in places they don’t even realize or control, such as the third-party vendors they engage with. Proper cybersecurity due diligence exercises are essential to ensure that the third parties a firm engages with have proper practices and policies in place. In addition, due to increased scrutiny from regulators, as well as investor demand for certain cybersecurity precautions in place to ensure their investments are safe, firms have begun to take note and implement various cybersecurity programs.

There are various steps a firm can take to ensure they are checking their cybersecurity boxes.

Firms have begun undertaking cybersecurity initiatives that involve implementing cybersecurity policies (such as information security plans and incident response plans), engaging in phishing exams and cybersecurity training for firm employees, conducting penetration tests on the firm’s network and conducting pointed cybersecurity vendor due diligence to ensure the third parties the firm engages with are secure.

1. Plans and Policies

Items such as cybersecurity policies are imperative to have in place. In fact, regulators such as the Securities and Exchange Commission and National Futures Association require cybersecurity policies in guidance they have issued. Also, on many occasions, large investors require these documents be implemented and often times request to view them (in addition to viewing other reports and assurances that a firm has a solid cybersecurity posture). Policies that firms should be looking to implement, as a baseline, include an information security policy, incident response plan and business continuity and disaster recovery plan.

With these policies in action, the firm, as well as those interested parties, can be assured as to what the firm has in place to protect their data and sensitive information. These policies also serve as guidance for firm employees regarding their role in keeping information secure, what measures the firm has in place and how they function, as well as what to do in the event of a breach or loss of firm data. Maintaining cybersecurity policies is crucial to assure regulators and investors that a firm is secure from a cybersecurity perspective.

2. Training: Addressing Human Error

Training firm employees is another initiative that most regulators and investors view as imperative. Most data breaches occur because of human error. Whether it’s clicking on a link in a phishing email that installs malicious spyware on a computer or something as simple as poor password management leading to a breach, missteps by employees can lead to several unwanted issues for firms.

But there are efficient ways to help employees understand the various cyber threats they face on a daily basis. This includes conducting phishing exams regularly to ensure employees know what to look out for, as well as (at least annual) cybersecurity training for employees. Cybersecurity training should inform employees of the steps the firm has taken to secure its infrastructure, various mandatory policies (such as password policies, clean desk policies, secure transferring of information, etc.) that help the firm stay secure, as well as the cyber threats employees face and what to do in situations where they are being targeted. Training employees on cybersecurity should be a measure that all firms implement, regardless of size or the amount of assets managed, because a firm is only as strong as its weakest employee.

3. Testing

Conducting penetration tests is another great way a firm can secure its infrastructure. Testing a firm’s network can elucidate risks that may have otherwise gone undetected. Once a test is conducted and the firm has a better understanding of its network perimeter vulnerabilities, it can properly remediate the risks with items such as network firewall solutions with IDS/IPS capabilities, network monitoring solutions, antivirus and antimalware and patch management policies to ensure devices connected to the firm’s network are always up to date with the most recent firmware. Ensuring that the firm’s IT infrastructure and network perimeter are secure is essential to good cybersecurity practice, and penetration testing is the best way to accomplish this.

4. Third-Party Due Diligence

Third parties are a cybersecurity risk for firms and should not be ignored. Many vendors engaged with firms in the financial industry maintain sensitive data related to the firm, its employees and its investors. Therefore, ensuring that this information is being guarded is intrinsically linked to a firm’s success. Baseline questions to ask when considering a vendor for review are:

  • Does this vendor store, create, manage or access your firm’s business confidential information?
  • Does this vendor store, create, manage or access your firm’s personally identifiable information?
  • Does this vendor store, create, manage or access your firm’s investors’ or customers’ personally identifiable information?

If the answer is “yes” to any of the above questions, then the firm should conduct cybersecurity due diligence on the vendor to ensure that the vendor is secure and has cybersecurity top of mind. Conducting thorough cybersecurity vendor due diligence is the best way to identify which third parties a firm engages with are secure and uphold cybersecurity best practices.

Firms in the financial industry should indeed be aware of the ever-growing cyber threat if they aren’t already, because regulators and investors will continue to voice their concern. Cybersecurity programs should be implemented, and upper management must ensure that they are taking every precaution to ensure the firm’s, its employees’ and their investors’ sensitive data is being safeguarded.


Tags: Business Continuity PlanningPersonally Identifiable Information (PII)Third Party Risk Management
Previous Post

Considering Environmental, Social and Governance Factors in Business and Investing Analysis

Next Post

Managing the Workplace Ethics of Social Media

Martin Passante

Martin Passante

Martin Passante is a Senior Associate at Drawbridge Partners, LLC. Martin has a background in cybersecurity, data protection and privacy and blockchain/cryptocurrency startups. Having worked in data protection for a big four firm, Martin is experienced in cybersecurity governance, vendor due diligence, incident response and remediation, policy analyzing and structuring and Global Data Protection Regulation compliance. Martin has also advised several startups in various industries, but most specifically in the blockchain industry, providing startups with formation and structuring advice, policy analyses, regulatory analyses and assisting with various compliance objectives. Martin holds a B.A. in Economics from Stony Brook University and a Juris Doctor from Brooklyn Law School.

Related Posts

GAN Integrity TPRM & AI

Where TPRM Meets AI: Balancing Risk & Reward

by Corporate Compliance Insights
May 13, 2025

Is your organization prepared for the dual challenges of AI in third-party risk management? Whitepaper Where TPRM Meets AI: Balancing...

robot reviewing contract

9 Emerging Use Cases for AI in TPRM

by Miriam Konradsen Ayed and Craig Moss
May 6, 2025

(Sponsored) As third-party ecosystems grow more complex, compliance teams face mounting pressure to assess and monitor external relationships effectively. Miriam...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

avengers lego figures

Uniting Forces: Cross-Functional Approaches to Insider Threat Prevention

by Rachel L. Gerstein
April 8, 2025

Creating a structured framework that brings together security, HR, IT, legal and compliance teams to fight internal vulnerabilities

Next Post
Managing the Workplace Ethics of Social Media

Managing the Workplace Ethics of Social Media

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights