Monday, May 16, 2022
No Result
View All Result
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Cyber Risk Continues to Plague Financial Services

4 Key Areas of Focus to Strengthen Cybersecurity

by Martin Passante
July 19, 2019
in Featured, Financial Services
businessman touching virtual screen to unlock data, concept of global cybersecurity

The eventuality of a cyber attack is cause for concern for all kinds of organizations, but lately the financial services industry has been especially afflicted. Drawbridge Partners’ Martin Passante explores the growing cybersecurity threat in financial services and how firms can proactively prepare.

Cybersecurity is a growing concern for firms in the financial industry. Whether it is via social engineering or malicious outsiders hacking into a network, cybercrime is on the rise and people are taking notice. Without proper security controls in place, firms’ networks are at risk of intrusion.

Without proper logical and technical controls in place, firms’ employees are more susceptible to phishing and social engineering attacks – the root cause of a great majority of cyber breaches. Firms are also vulnerable in places they don’t even realize or control, such as the third-party vendors they engage with. Proper cybersecurity due diligence exercises are essential to ensure that the third parties a firm engages with have proper practices and policies in place. In addition, due to increased scrutiny from regulators, as well as investor demand for certain cybersecurity precautions in place to ensure their investments are safe, firms have begun to take note and implement various cybersecurity programs.

There are various steps a firm can take to ensure they are checking their cybersecurity boxes.

Firms have begun undertaking cybersecurity initiatives that involve implementing cybersecurity policies (such as information security plans and incident response plans), engaging in phishing exams and cybersecurity training for firm employees, conducting penetration tests on the firm’s network and conducting pointed cybersecurity vendor due diligence to ensure the third parties the firm engages with are secure.

1. Plans and Policies

Items such as cybersecurity policies are imperative to have in place. In fact, regulators such as the Securities and Exchange Commission and National Futures Association require cybersecurity policies in guidance they have issued. Also, on many occasions, large investors require these documents be implemented and often times request to view them (in addition to viewing other reports and assurances that a firm has a solid cybersecurity posture). Policies that firms should be looking to implement, as a baseline, include an information security policy, incident response plan and business continuity and disaster recovery plan.

With these policies in action, the firm, as well as those interested parties, can be assured as to what the firm has in place to protect their data and sensitive information. These policies also serve as guidance for firm employees regarding their role in keeping information secure, what measures the firm has in place and how they function, as well as what to do in the event of a breach or loss of firm data. Maintaining cybersecurity policies is crucial to assure regulators and investors that a firm is secure from a cybersecurity perspective.

2. Training: Addressing Human Error

Training firm employees is another initiative that most regulators and investors view as imperative. Most data breaches occur because of human error. Whether it’s clicking on a link in a phishing email that installs malicious spyware on a computer or something as simple as poor password management leading to a breach, missteps by employees can lead to several unwanted issues for firms.

But there are efficient ways to help employees understand the various cyber threats they face on a daily basis. This includes conducting phishing exams regularly to ensure employees know what to look out for, as well as (at least annual) cybersecurity training for employees. Cybersecurity training should inform employees of the steps the firm has taken to secure its infrastructure, various mandatory policies (such as password policies, clean desk policies, secure transferring of information, etc.) that help the firm stay secure, as well as the cyber threats employees face and what to do in situations where they are being targeted. Training employees on cybersecurity should be a measure that all firms implement, regardless of size or the amount of assets managed, because a firm is only as strong as its weakest employee.

3. Testing

Conducting penetration tests is another great way a firm can secure its infrastructure. Testing a firm’s network can elucidate risks that may have otherwise gone undetected. Once a test is conducted and the firm has a better understanding of its network perimeter vulnerabilities, it can properly remediate the risks with items such as network firewall solutions with IDS/IPS capabilities, network monitoring solutions, antivirus and antimalware and patch management policies to ensure devices connected to the firm’s network are always up to date with the most recent firmware. Ensuring that the firm’s IT infrastructure and network perimeter are secure is essential to good cybersecurity practice, and penetration testing is the best way to accomplish this.

4. Third-Party Due Diligence

Third parties are a cybersecurity risk for firms and should not be ignored. Many vendors engaged with firms in the financial industry maintain sensitive data related to the firm, its employees and its investors. Therefore, ensuring that this information is being guarded is intrinsically linked to a firm’s success. Baseline questions to ask when considering a vendor for review are:

  • Does this vendor store, create, manage or access your firm’s business confidential information?
  • Does this vendor store, create, manage or access your firm’s personally identifiable information?
  • Does this vendor store, create, manage or access your firm’s investors’ or customers’ personally identifiable information?

If the answer is “yes” to any of the above questions, then the firm should conduct cybersecurity due diligence on the vendor to ensure that the vendor is secure and has cybersecurity top of mind. Conducting thorough cybersecurity vendor due diligence is the best way to identify which third parties a firm engages with are secure and uphold cybersecurity best practices.

Firms in the financial industry should indeed be aware of the ever-growing cyber threat if they aren’t already, because regulators and investors will continue to voice their concern. Cybersecurity programs should be implemented, and upper management must ensure that they are taking every precaution to ensure the firm’s, its employees’ and their investors’ sensitive data is being safeguarded.


Tags: Business Continuity PlanningPersonally Identifiable Information (PII)Third Party Risk Management
Previous Post

Considering Environmental, Social and Governance Factors in Business and Investing Analysis

Next Post

Managing the Workplace Ethics of Social Media

Martin Passante

Martin Passante

Martin Passante is a Senior Associate at Drawbridge Partners, LLC. Martin has a background in cybersecurity, data protection and privacy and blockchain/cryptocurrency startups. Having worked in data protection for a big four firm, Martin is experienced in cybersecurity governance, vendor due diligence, incident response and remediation, policy analyzing and structuring and Global Data Protection Regulation compliance. Martin has also advised several startups in various industries, but most specifically in the blockchain industry, providing startups with formation and structuring advice, policy analyses, regulatory analyses and assisting with various compliance objectives. Martin holds a B.A. in Economics from Stony Brook University and a Juris Doctor from Brooklyn Law School.

Related Posts

In Case of Fire, Break Glass: Be Prepared for Recessionary Times Using 12-Step Contingency Plan

In Case of Fire, Break Glass: Be Prepared for Recessionary Times Using 12-Step Contingency Plan

by Jim DeLoach
April 5, 2022

For many industries and companies, 2022 was expected to be a time for recovery and renewal. While the war in...

LogicGate Risk Cloud Adds Black Kite Integration for Third-Party Risk Management

LogicGate Risk Cloud Adds Black Kite Integration for Third-Party Risk Management

by Corporate Compliance Insights
March 30, 2022

LogicGate’s Risk Cloud compliance platform has added integration with Black Kite, which offers cyber ratings, Open FAIR financial risk quantification,...

Three cargo ships loaded with containers sit in a port

Supply Chain Challenges in 2022: How Compliance and Risk Should Prepare for the Long-Haul

by Jim Yarbrough
January 13, 2022

Managing disruption in 2022 and beyond will require robust oversight and a more holistic understanding of the supply chain itself...

Illustration concept of emotional intelligence

How to Account for Emotional Intelligence in Third-Party Risk Management

by Ryan Spelman and Ryan Walker
January 6, 2022

Third-party risk management (TPRM) has grown in prominence as organizations increase their reliance on external parties, from cloud providers to...

Next Post
Managing the Workplace Ethics of Social Media

Managing the Workplace Ethics of Social Media

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance Decision-Making DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring Ransomware RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT