Recently I joined a colleague of mine, Zohar Swaine from Mink Hollow Advisors, in Washington, D.C. to speak at IA Watch’s Cybersecurity for Financial Services about the precautions all financial service companies should be taking to prevent data loss.
One thing that really made an impression on me was a statement made by one of Equifax’s lawyers. He brought up the idea that as a financial firm, you must always be prepared. And if something goes wrong…you must have a defensible stance. It was an interesting perspective, and one that has a lot of merit.
If something goes wrong—will your firm have a defensible stance?
In today’s ever-changing online environment, chances are something will go wrong—especially if you’re not doing enough to prevent it. (There were 35 breaches per second in 2016!) Phishing emails get clicked on by employees. Incidences of data-risk occur regularly. How severe these issues become depends largely on the procedures you have in place, how precisely they’re implemented, and how quickly you respond.
Protecting your clients’ data is of the utmost importance. Yet even when you’re doing a lot to prevent data-risk, it can still happen. And if hackers do find their way in…protecting your firm is also important.
What are the policies/procedures to prevent, detect and correct issues that may arise?
How are you actively implementing those procedures?
What are the controls around these procedures to make sure they’re consistently enforced?
If something goes wrong, you need to have a defensible stance. You must be able to prove that you’re actively managing your procedures in accordance with your policies. You need a life boat. (And like we mentioned before, don’t leave your lifeboat on the shore.)
For example, if you have notifications set up about viruses—and you receive one—but don’t do anything about it…and then the virus results in a data-breach…the buck stops with you.
Every action you take when it comes to technology leaves a trail of crumbs.
Are you doing everything you can to prevent a breach?
If need be, can you prove it?
At RSS, we will make sure that you are covered. Let’s talk about how we can use technology to mitigate risk for your clients, and your firm.
Active monitoring and implementation of cybersecurity protocols and procedures using leading edge technology keeps your business and your data safe and secure.