In the wake of the brutal data breaches enterprises suffered in 2014, industry regulators have been creating stricter compliance standards and increasing the frequency of cybersecurity audits. Regulations are changing in practically every sector, but the requirements for financial institutions are becoming especially severe due to large-scale attacks on banks and brokers last year. Because of this, advisors and investors are scrambling to find a way to address their technological shortcomings and protect client information from an ever-worsening threat environment.
“Especially this year, when the SEC and FINRA released their guidelines, cybersecurity has been a heightened area of conversation,” said Neal Quon, co-founder of financial technology consulting firm QuonWarrene. “There’s a lack of a standard. It’s the minimum of what you can do today to respond to a threat. You have to be nimble to respond to every evolving threat.”
Driving this race to compliance are the changes made by the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations. The new guidelines require the office to give greater consideration to the quality of a firm’s technical infrastructure. The agency is quick to point out that these changes mean it isn’t messing around when it comes to security. Vincente Martinez, chief of the SEC’s Office of Market Intelligence, said that the Commission will be levying action via Regulation S-P against organizations that don’t comply. The Financial Industry Regulatory Authority has said it will be levying actions under the same rule, as well as FINRA Rule 2010.
Knowledge of cyberthreats key to increasing protection
Industry experts believe that the most important step toward improving the cybersecurity of financial institutions is a fundamental understanding of the risks their businesses face every day. William French, vice president of risk management at Fidelity Investments, said that firms must make a point to learn about current cyberthreats and share that information with their clients. Hackers are now using sophisticated phishing schemes that target customers as well as employees, so everyone involved needs to be aware of the risks.
Utilizing a layered security approach is one of the most reliable ways to ensure data protection and help to educate staff members about proper security methods. Employing a whitelisting solution like Faronics Anti-Executable as part of a layered security strategy allows businesses to block any unapproved application from being run and keeps business-critical hardware safe from infections. Current system updates are also easily managed with the program, doubling the amount of protection an organization receives,