Of all the focus areas in the recently released FINRA cybersecurity practices report, one in particular caught my attention: Insider Threats. Addressing threats from insiders, such as employees or consultants, can be especially challenging for advisors. Here are some key steps you can take to protect your firm.
A potential insider threat is anyone who has permissioned access to your systems. This could be as basic as having an email account under your organization, or as broad as having administrative rights to all of your systems.
Of course, you want to be able to trust these individuals. However, there are steps to take not only to verify that your “trust” has not been compromised, but also to limit the overall risk and potential exposure.
First, create specific policies, procedures, and access rights for each insider role within your firm. There is never a one-size-fits-all approach to permission rights. In fact, depending on size, complexity, systems, number of employees, and other factors, firms typically have several or more categories of insider role permission rights. For example, a newer employee of your firm doesn't need the ability to log in to the network remotely, nor should they have access to certain client files or private information. A regular practice should therefore be to actively adjust employees' permission rights as their responsibilities change, whether they are new, reduced, or increased.
Access Behavior
A second step is to review the "behavioral" aspects of how insiders use your systems. For example, do they primarily access systems from the office, or occasionally log in from home or even a mobile device? These may involve different connection points, and it's likely you do not have the same level of control over each type of access point.
Specifically, certain staff positions may only require working from the office, and therefore those user credentials should not allow remote access to your systems. Not only can you control the connection points available to such an insider, but you can also monitor how and when they access your systems. It could be a red flag if an employee who rarely works outside of your main office shows a significant increase in login activity from home or other locations, or if you notice logins during off hours.
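The red-flag check just described, written out as an added example that is not from the article: it builds each user's baseline of login sources and hours from constructed log lines, then flags users whose recent logins show a jump in remote access or off-hours activity that the baseline never had. The log format, thresholds, and user names are assumptions for the example.

```python
from collections import Counter
from datetime import datetime
OFFICE_HOURS = range(8, 18)   # 08:00-17:59 on a weekday counts as in-hours
MIN_REMOTE_JUMP = 3           # flag when remote logins rise by at least this many
# Constructed sample events (not real data): "<user> <ISO timestamp> <office|remote>"
BASELINE_LOG = """
alice 2024-03-04T09:02:00 office
alice 2024-03-05T08:47:00 office
bob 2024-03-04T09:30:00 office
bob 2024-03-05T20:10:00 remote
"""
RECENT_LOG = """
alice 2024-03-11T09:05:00 office
alice 2024-03-11T22:40:00 remote
alice 2024-03-12T23:10:00 remote
alice 2024-03-13T02:30:00 remote
bob 2024-03-11T09:25:00 office
bob 2024-03-12T20:00:00 remote
"""

def parse_log(text):
    """Yield (user, datetime, source); malformed lines are dropped rather than guessed."""
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2] in ("office", "remote"):
            yield parts[0], datetime.fromisoformat(parts[1]), parts[2]

def profile(events):
    """Per user: counts of 'office', 'remote' and 'off_hours' logins."""
    stats = {}
    for user, ts, source in events:
        c = stats.setdefault(user, Counter())
        c[source] += 1
        if ts.hour not in OFFICE_HOURS or ts.weekday() >= 5:
            c["off_hours"] += 1
    return stats

def flag_anomalies(baseline_text, recent_text):
    """Return {user: [reason, ...]} for users whose recent logins depart from baseline."""
    base, recent = profile(parse_log(baseline_text)), profile(parse_log(recent_text))
    findings = {}
    for user, now in recent.items():
        then = base.get(user, Counter())   # user absent from baseline: everything is new
        reasons = []
        if now["remote"] - then["remote"] >= MIN_REMOTE_JUMP:
            reasons.append(f"remote logins rose from {then['remote']} to {now['remote']}")
        if then["off_hours"] == 0 and now["off_hours"] > 0:
            reasons.append(f"{now['off_hours']} off-hours login(s), none in baseline")
        if reasons:
            findings[user] = reasons
    return findings
```

In practice the baseline window should be weeks of real authentication logs, and a flagged user is a prompt for a conversation or an access review, not proof of wrongdoing.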