Cybersecurity Practices Key Focus for FINRA
Submitted by: David Svrcek, Senior Compliance Consultant, Red Oak Compliance Solutions
Given the evolving nature, increasing frequency, and sophistication of cybersecurity attacks, one can never be too prepared. FINRA has a page devoted to resources that firms may find useful in developing their cybersecurity practices.
Some of these resources include:
A Checklist for a Small Firm’s Cybersecurity Program (Excel 114 KB) to assist small firms in establishing a cybersecurity program to:
- Identify and assess cybersecurity threats
- Protect assets from cyber intrusions
- Detect when their systems and assets have been compromised
- Plan for the response when a compromise occurs
- Implement a plan to recover lost, stolen or unavailable assets
Report on Selected Cybersecurity Practices – 2018 is a detailed review of effective information-security controls at securities firms. The report is designed to help broker-dealers – including small firms – further develop their cybersecurity programs. The report addresses areas that firms tend to find most challenging: cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.
In addition, FINRA has developed the Compliance Vendor Directory (CVD). The FINRA CVD is designed to give firms more options in locating vendors that provide compliance-related offerings, including cybersecurity vendors and services.
FINRA has also assembled a list of Non-FINRA cybersecurity resources that firms may use to manage their cybersecurity risk. These resources include:
- News and analysis
- Effective practices and guidance
- Free diagnostic tools
While FINRA is careful to disclose that none of these products, services or resources ensures compliance with regulatory requirements, this information can be a valuable starting point.