As thefts go, a cyberattack is not an easy thing to grasp. It doesn’t have much in common with the crimes we see on TV. No masked men, no getaway cars. Instead it happens with a constant barrage of new malware strains, exploited software flaws and phishing scams. How can a business owner even know where to start containing a threat that they can’t fully comprehend?
The fact is, every business owner’s biggest cybersecurity threat is right down the hall. At this very moment, it is discussing the newest show on Netflix with the firm’s second-biggest cybersecurity threat. Research shows that nearly two-thirds of successful cybersecurity attacks were the result of employee carelessness. The SEC, FINRA and the State Regulators know this, and that is why they are expecting you to have the policies and procedures in place to control this threat. These are exactly the type of cybersecurity issues that are going to be tackled by the Cybersecurity Working Group being formed by the Professional Issues Committee. The Cybersecurity Working Group intends to focus on everything participants need to do to protect client information and meet regulatory cybersecurity requirements.
9 Ways Employees Compromise Their Company’s Cybersecurity
- Stolen laptops and smartphones
The theft of unguarded mobile devices has been the source of numerous data thefts. Do you have a mobile device policy that requires your employees to encrypt their devices and use software to mitigate data loss due to theft?
- Password sharing and weak passwords
Every firm needs policies covering passwords that prohibit easily guessed passwords and the use of the same password by multiple employees.
- Physical security carelessness
You paid good money to put your server and hard copy files under lock and key. It doesn’t matter though if your employees are leaving these items unlocked.
- Falling for phishing scams
You need an email policy and a data sharing system that eliminates the need to click on attachments.
- Infection through social media
Social media is a time suck and a hotbed for malware posing as amusing videos and advertisements. You need an internet policy to stop this headache.
- Not updating software
Every employee computer should be set up to update automatically. You need a software patch policy and procedures to make sure it stays that way.
- Not encrypting sensitive information
It’s hard to believe, but there are still people out there emailing unencrypted statements and forms back and forth with clients.
- Storing sensitive data on personal drives
It may be a matter of convenience that is all too convenient for hackers.
- Not following security protocols
The policies may be in place, but they conflict with the way the office has operated forever. Do your employees even know these policies exist? You need an employee training program to change employee behavior and improve cybersecurity effectiveness.
In the coming months, the Cybersecurity Working Group will be discussing what advisors need for cybersecurity policies that effectively control mobile devices, passwords, emails, software updates and employee training to combat such problems. The group is planning to meet once a month to learn about and discuss one specific aspect of cybersecurity and to provide input on the cybersecurity issues that other participants are encountering. There will be seasoned compliance experts participating to provide guidance and insight. Contact Brian Edstrom at firstname.lastname@example.org if you want to start getting your cybersecurity measures up to date.