Data breaches hit a record high in 2017, and the names of some pretty big financial services firms were splashed across the headlines. But don't kid yourself - it's actually the smaller companies who are more at risk.
In the past, smaller organizations typically didn't put much thought into cybersecurity, and hackers knew it. Over half of cyber attacks in 2016 were targeted at small to medium businesses.
Correspondingly, the number one reported concern of financial services firms is how to protect their customer records from attack.
This isn't surprising - at best, a customer database compromise means a stop to critical activities. At worst, it could mean a complete collapse of the organization if clients lose trust in the firm's ability to keep personal data protected.
The good news is a business of any size can have access to a full cybersecurity arsenal through outsourced IT services and support from a reputable IT services provider.
The bad news is that the top vulnerability for a financial services firm is less likely to be the technology than the humans who use it - employees are the weakest link!
Given that reality, here are seven best practices to reduce your cyber risk:
- Educate your team. We can't stress this enough. Information security is the responsibility of everyone in the company. No matter how well your perimeter is protected, at the end of the day it's people clicking and downloading that pose the biggest threat. You can start by reading our end user training "How to Make Yourself Hard to Hack" or contact us for on-site training.
- Ensure leadership buy-in. Execs need to be plugged in on the topic and aware of the risks. Presentations to your board or leadership team, including meeting minutes documenting their participation, can help protect the firm from liability if problems arise.
- Create an ongoing Security Awareness Program. Training is not just one and done. Work it into your new hire training, team meetings, company meetings or newsletters - everywhere you can think of. You might also consider making all employees read and sign an annual agreement to comply with your cybersecurity efforts.
- Test employee awareness and compliance. There are a number of tools available that simulate a phishing attack so that you can use the results as a training exercise. There are also various websites that can help you conduct the tests, but be sure to reach out to us if you need assistance.
- Stay current with software updates and security patches. Using outdated software and/or not applying patches can lead to serious problems, making you much more susceptible to cyber attacks. If you don't utilize an automated monitoring and management service that proactively keeps you up to date, you're asking for trouble - humans invariably get busy or forget.
- Protect your customer database with two-factor authentication. Often referred to as "2FA", this is a security process that requires the user to provide two authentication factors to verify they are who they say they are. This typically means a user enters their name and password to gain access, and is then sent a one-time text message to their smart phone with a code that must also be entered.
- Do not forget about mobile devices. All of us now have powerful little computers in our pockets with access to almost everything, including sensitive company information. Every organization should create, document and enforce mobile device policies.
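To make the second step of the 2FA item above concrete, here is an added Python sketch of the server side of that flow; it is not code from the original post. It issues a one-time code for out-of-band delivery (the text message), stores only a keyed hash of it, and rejects codes that are expired, already used, or guessed too many times. The class and function names, the five-minute lifetime and the five-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumed: a code is valid for five minutes after issue
MAX_ATTEMPTS = 5        # assumed: stop checking after five wrong guesses


@dataclass
class Challenge:
    code_hash: bytes    # keyed hash of the code, never the code itself
    expires_at: float   # absolute time after which the code is dead
    attempts: int = 0   # wrong guesses so far


class SecondFactor:
    """Server-side half of the 'one-time code sent by text message' step."""

    def __init__(self, server_key: bytes, now=time.time):
        self._key = server_key        # secret used to key the stored hashes
        self._now = now               # injectable clock (real time by default)
        self._pending = {}            # user -> outstanding Challenge

    def _digest(self, user: str, code: str) -> bytes:
        # Bind the hash to the user so a code issued to one account is useless on another.
        msg = f"{user}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user: str) -> str:
        """Create a fresh six-digit code; the caller hands it to the SMS gateway."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = Challenge(self._digest(user, code),
                                        self._now() + CODE_TTL_SECONDS)
        return code

    def verify(self, user: str, submitted: str) -> bool:
        """True only for the current, unexpired code, and only once."""
        ch = self._pending.get(user)
        if ch is None or self._now() > ch.expires_at or ch.attempts >= MAX_ATTEMPTS:
            return False
        ch.attempts += 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(self._digest(user, submitted), ch.code_hash):
            del self._pending[user]   # consume the code so it cannot be replayed
            return True
        return False
```

The password check is the first factor and happens before `issue` is called; the login is accepted only when both steps succeed.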
If you are interested in learning more about data security, be sure to read our latest ebook aimed at the non-technical professional - "Balancing Act: How to Keep Your Data Safe Yet Accessible."