Being secure and being FINRA compliant are almost the same thing. FINRA’s all about protecting the customer’s information (and what happens when you can’t), which is really a matter of your cybersecurity. Whichever of the local IT companies in San Francisco you work with should be helping you stay compliant and secure – are they?
Whether you have expert support or not, the good news is that you don’t have to start from scratch on your own. FINRA has some resources available to help you develop effective and compliant cybersecurity, such as their Report On Selected Cybersecurity Practices.
Have you read and understood this resource?
Before we get to the recommended best practices, let’s examine the foundation of FINRA compliance. The bottom line is that compliance is determined by your firm’s ability to protect the confidentiality, integrity, and availability of sensitive customer information, which in practice means following these three regulations:
From there, we can examine the best practices that FINRA recommends…
1. Keep Data Safe Where Branches Are Concerned
Your onsite cybersecurity measures will not extend to the branch level. That’s why Written Supervisory Procedures (WSPs) are so important. They dictate exactly how branches are expected to protect data. Requirements could include:
2. Understand And Prevent Phishing Attacks
Phishing emails are typically crafted to deliver a sense of urgency and importance, tricking the user into doing what the cybercriminal wants them to. The message within these emails often appears to be from the government, a bank or a major corporation and can include realistic-looking logos and branding.
Phishing succeeds when a cybercriminal uses fraudulent emails or texts, and counterfeit websites to get the user to share their personal or business information like their login passwords, Social Security Number or account numbers. They do this to rob a user or organization of their identity and/or steal their money.
The key to phishing’s effectiveness is how unsuspecting the target is. The fact is that businesses aren’t learning to protect themselves, which is why the number of reported phishing attacks has gone up by 65% in the past few years.
Unfortunately, many users aren’t skeptical enough to spot a scam. In fact, more than half of all Americans say they’ve been the victim of a scam. That’s why comprehensive security awareness training is so important – it teaches your staff members to identify phishing emails and to contribute to your cybersecurity.
Cybersecurity awareness training is becoming a more and more common part of modern IT services. The fact is that users are a key target for cybercriminals; the more they know about cybercrime tactics, the better defended your organization will be.
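To make the traits described above concrete, here is a small added example (not code from FINRA or On Time Tech) that scores a message on the three warning signs the text names: urgency language, a request for credentials or personal data, and a link whose domain does not match the sender’s. The sample messages are constructed, and the phrase lists and the “registrable domain” heuristic are assumptions for illustration, not a production filter.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail), one phishing-style and one routine.
SAMPLE_EMAILS = [
    {
        "id": "phish-1",
        "from": "Example Bank Security <alerts@examp1e-bank-alerts.com>",
        "subject": "URGENT: verify your account within 24 hours",
        "body": "Your account will be suspended. Enter your password at "
                "https://examp1e-bank.example.net/login to keep access.",
    },
    {
        "id": "legit-1",
        "from": "Payroll <payroll@corp.example>",
        "subject": "June timesheet available",
        "body": "Your timesheet is ready at https://portal.corp.example/timesheets",
    },
]

# Assumed indicator phrases; a real deployment would tune these.
URGENCY = ("immediately", "urgent", "within 24 hours", "will be suspended",
           "act now", "final notice")
SENSITIVE = ("password", "social security", "ssn", "account number",
             "verify your identity", "confirm your login")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable(host: str) -> str:
    """Crude 'registrable domain': last two labels of the hostname (assumption)."""
    return ".".join(host.lower().split(".")[-2:])


def score_message(msg: dict) -> tuple[int, list[str]]:
    """Return (number of indicators hit, human-readable reasons) for one message."""
    text = (msg["subject"] + "\n" + msg["body"]).lower()
    reasons = []
    if any(p in text for p in URGENCY):
        reasons.append("urgency language")
    if any(p in text for p in SENSITIVE):
        reasons.append("asks for credentials or personal data")
    _, sender_addr = parseaddr(msg["from"])
    sender_dom = registrable(sender_addr.rpartition("@")[2])
    for url in URL_RE.findall(msg["body"]):
        host = urlparse(url).hostname or ""
        if registrable(host) != sender_dom:
            reasons.append(f"link to {host} does not match sender domain {sender_dom}")
            break
    return len(reasons), reasons


def triage(messages: list[dict]) -> dict:
    """Score every message; useful as a training aid or a first-pass mail filter."""
    return {m["id"]: score_message(m) for m in messages}


if __name__ == "__main__":
    for msg_id, (score, reasons) in triage(SAMPLE_EMAILS).items():
        print(msg_id, score, reasons)
```

The point for awareness training is that none of these signals is decisive on its own; a message hitting two or three of them at once is the pattern staff should be taught to pause on and report.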
3. Make Your Users A Cybersecurity Asset
More often than not, security isn’t a matter of antivirus software, or unhackable blockchains, or anything else like that. Measures like those are surface-level – so what’s at the core of security?
The user. Think about it – how many times have you used a password that’s easy to remember, but not really secure enough for the information it’s supposed to protect? How often have you stayed logged in to an app out of convenience, even when it posed a theoretical security risk to the data accessible therein? When was the last time you misplaced a smartphone, or a tablet, or a laptop? If it belongs to the business you work for, have you considered what’s at risk?
This is why you need to have a carefully implemented process to track the lifecycle of accounts on your network.
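What an account lifecycle process looks like in practice is a periodic check that every account still has a living owner and is still in use. The following is an added example (not On Time Tech’s tooling) that audits a constructed list of accounts against a constructed HR roster and flags orphaned accounts, accounts still enabled after the owner’s termination, and accounts with no login within a stale-period threshold; the 90-day threshold and the data shapes are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class Employee:
    employee_id: str
    termination_date: Optional[date]  # None while still employed


@dataclass
class Account:
    username: str
    owner_id: str              # HR employee id the account belongs to
    enabled: bool
    last_login: Optional[date]  # None if the account has never logged in


def audit_accounts(accounts, employees, today, stale_after_days=90):
    """Return (username, finding) pairs for accounts that need lifecycle action."""
    roster = {e.employee_id: e for e in employees}
    stale_cutoff = timedelta(days=stale_after_days)
    findings = []
    for acct in accounts:
        emp = roster.get(acct.owner_id)
        if emp is None:
            findings.append((acct.username, "orphaned: no matching employee record"))
        elif emp.termination_date and emp.termination_date <= today and acct.enabled:
            findings.append((acct.username,
                             f"still enabled after termination on {emp.termination_date}"))
        # Enabled accounts nobody uses are the ones most likely to go unnoticed.
        if acct.enabled and (acct.last_login is None
                             or today - acct.last_login > stale_cutoff):
            findings.append((acct.username, f"stale: no login in {stale_after_days} days"))
    return findings


def run_sample():
    """Constructed roster and directory data for illustration only."""
    today = date(2024, 6, 30)
    employees = [
        Employee("E100", None),
        Employee("E200", date(2024, 5, 15)),   # left the firm in May
        Employee("E300", None),
    ]
    accounts = [
        Account("alice", "E100", True, date(2024, 6, 28)),      # healthy
        Account("bob", "E200", True, date(2024, 5, 10)),        # never disabled
        Account("svc-backup", "E999", True, date(2024, 1, 2)),  # no owner, unused
        Account("carol", "E300", True, None),                   # never logged in
    ]
    return audit_accounts(accounts, employees, today)


if __name__ == "__main__":
    for username, finding in run_sample():
        print(f"{username}: {finding}")
```

Run on a schedule, a report like this turns the vague goal of “tracking account lifecycles” into a short list of concrete actions: disable, reassign, or justify each flagged account.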
4. Confirm Your Cybersecurity Effectiveness
You can’t just assume your cybersecurity is effective – you need to test and find out for sure. Penetration testing is a valuable exercise in which you let one of the local IT companies in San Francisco attempt to break through your organization’s cybersecurity defenses, determining precisely where your vulnerabilities may be.
FINRA recommends running penetration tests both on a regular basis and after key events – any event that significantly changes your firm’s infrastructure, staffing, access controls, or other cybersecurity-related considerations.
5. Keep Data Protected On Mobile Platforms
It’s no surprise that mobile devices are continuing to become a central and necessary part of the business world. What might be surprising is how unprepared some businesses are for that reality.
No matter what kind of cybersecurity you have in place at the office, it won’t extend to the mobile devices that have access to your data. This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.
That’s why mobile security is so important. Maintaining mobile security isn’t just about having the right apps – it means following the right protocols, to eliminate unknown variables and maintain security redundancies:
If you really want to, technically, you can ignore FINRA’s Report On Selected Cybersecurity Practices. But it wouldn’t be smart. This resource exists to help make FINRA compliance simpler. Combined with expert support from one of your local IT companies in San Francisco, you can achieve a cybersecurity and compliance posture robust enough that you don’t have to worry about it.
On Time Tech can help. Our team has experience successfully completing FINRA assessments, IT Security Audits, and delivering cybersecurity best practices consulting in both private and public sector environments of all sizes. Our streamlined assessment process can guide you through becoming compliant in as little as one day – all you have to do is reach out to our team.