FINRA Issues Report on Best Cybersecurity Practices
The group highlights five areas of focus, such as how to limit phishing attacks and how to implement controls on mobile devices.
The Financial Industry Regulatory Authority has shared its Report on Selected Cybersecurity Practices — 2018 to help broker-dealers more effectively review and implement security controls.
The latest report builds on information and advice collected in the 2015 cybersecurity report. It provides more depth and detail on topics such as phishing by reviewing ways to detect attacks, even those that seem to be from trusted sources like a CEO or helpdesk staff.
On some topics like branch controls, the publication lists specific best practices to consider. It also includes an appendix regarding core cybersecurity controls for small firms.
“Securities firms rate cybersecurity as one of their top operational risks, and our new report addresses areas that firms tend to find most challenging,” according to David M. Kelley, surveillance director, member supervision in FINRA’s Kansas City office.
FINRA’s 19-page report highlights the following five topics:
- Cybersecurity controls in branch offices;
- Methods of limiting phishing attacks;
- Identifying and mitigating insider threats;
- Elements of a strong penetration-testing program; and
- Establishing and maintaining controls on mobile devices.
A cybersecurity report from the antivirus software maker Norton found 143 million U.S. consumers were victims of cybercrime with total losses of $19.4 billion in 2017.
Furthermore, a recent poll funded by the insurance firm Aon found that of the 5.3 million high-net-worth individuals in the U.S., 77% are more concerned about the cybersecurity risks affecting their personal finances than traditional wealth management challenges, such as market volatility (60%) or changing interest rates (39%).
“There is no one-size-fits-all approach to cybersecurity, so FINRA has made a priority of providing firms with reports and other tools to help them determine the right set of practices for their individual business,” said Steven Polansky, senior director, member supervision in FINRA’s Washington, D.C. office.
More resources, as well as a podcast and video based on the 2018 report, are available at FINRA.org’s cybersecurity topic page.