FINRA has published a detailed review of effective information-security controls for securities firms. The report represents the newest initiative in FINRA’s ongoing effort to help broker-dealers – including small firms – further develop their cybersecurity programs.
The report investigates areas that firms find especially challenging and covers five main topics:
- Cybersecurity controls in branch offices;
- Methods of limiting phishing attacks;
- Identifying and mitigating insider threats;
- Elements of a strong penetration-testing program; and
- Establishing and maintaining controls on mobile devices.
The report builds on a 2015 cybersecurity report by FINRA that covered the main elements of a comprehensive cybersecurity program and provided guidance to firms seeking to improve their programs.
FINRA’s 2018 report adds greater depth and detail; for example, the section on branch controls lists more than three dozen specific, effective practices across written supervisory procedures, asset inventories, technical controls and branch review programs. The section on phishing highlights how to detect such attacks, including attempts that appear to be from trusted sources such as a CEO or other executive, the company help desk, customers or friends.