Identify Location of Confidential Information
Conduct an internal assessment of the location of confidential information and who might have access.
Conduct an internal assessment of the location of confidential information and who might have access.
Passwords should be specific to each employee and should require updating on a periodic basis. Also, make sure to shut down access for exiting employees.
The IT function should add intrusion monitoring as part of the virus and security protocols. Also, IT should report multiple log-in failures.
Also, create a hardware environment that makes it difficult to use such media.
Only firm-approved and encrypted devices should have access to the network/system.
Hire an IT firm to perform a vulnerability assessment and conduct penetration testing.
Ensure vendor selection includes cybersecurity due diligence. Create an ongoing monitoring and reporting system.
Add cybersecurity as an agenda item to every management and compliance meeting and include reports from IT and Compliance.
One person should own cybersecurity compliance across the organization, whether that person resides in IT, Compliance, or Operations.
The response plan should include required notices to clients and regulators and how to patch vulnerabilities.
Determine if a cybersecurity insurance policy will protect the firm against a catastrophic event.
Develop policies and procedures governing all of the above and annually test whether they are being followed. Also, ensure ongoing employee training.