CCO Buzz Episode 1: Practical Tips for Your Cybersecurity Program

How do you ensure that your financial institution is properly prepared in all aspects of Cybersecurity? 

Michelle Jacko, CEO of Core Compliance℠, discusses the essentials of cybersecurity preparedness in this first episode of the CCO Buzz - Cybersecurity Preparedness. 

Podcast Transcript:

Michelle Jacko:

"Welcome to the CCO Buzz. I am Michelle Jacko, CEO of Core Compliance and Legal Services, and this week's topic will be on Practical Tips for Your Cybersecurity Program. 

When you think about cybersecurity, it's often a scary topic. But one of the first things that you should be thinking about are what are my risks within this area?

Many of you may have already done a cybersecurity risk assessment. This generally entails taking an inventory of any area whereby your material non-public information or client data could be at risk. 

This could be in the form of your website and client portals that you are using, or it could simply be through your email, or conducting trades with your broker-dealer custodian.

Once the risk inventory list is developed, the next step would be to try to mitigate those risks. Those are generally done through a variety of different areas, including development of policies and procedures, looking at your IT infrastructure, and developing a training for your employees so that they can understand and identify cybersecurity risks. 

What we are finding and what we would like to focus on today is what you should be doing in 2018. In addition to looking at the strength of your cybersecurity environment, you should be developing an incident response plan. 

Many financial institutions have not yet developed a robust incident response plan. 

Your incident response plan should entail a response strategy, how you will be identifying whether or not a cyber attack actually occurred, what you will be doing to limit damage, and how you will prevent any further damage from occurring. 

What is most important to identify is what is your recovery - what does that look like from a time and system reboot standpoint?

And from this experience, how do we learn from the incident, and take steps to prevent a future occurrence?

When thinking about cybersecurity, think of this as a dynamic process. One that requires continuous touching and evolution to address new cybersecurity incidents. 

To that end, it is important to be aware of the regulatory requirements and what the current cybersecurity threats are. 

