Financial industry executives have a unique responsibility to protect investors and proprietary firm information from compromise.
- Form a cyber-security committee to design, implement, and oversee day-to-day cyber-security compliance efforts. Calendar regular reports and reviews to assess the activities and effectiveness of the team.
- Educate yourself on information security. Research and understand various types of cyber-security threats. Speak with industry colleagues about what firms are doing to protect themselves. Make assessing cyber threats and solutions a regular part of the business cycle.
- Know the plan. Read and keep a copy of information security policies handy. Make sure you thoroughly understand what to do in the event of an attack. Prepare as if an attack will happen one day, because chances are it will.
- Review the plan regularly to make sure it remains relevant and up to date with current threats and trends.
- Test the plan. Ask IT and other professionals or staff to try to break through the systems to see where the weaknesses are. Run surprise or mock tests on your staff to see how they measure up on policy and procedures.
- Work with professionals to identify security issues and industry trends. Audit procedures and conduct forensic investigations following a breach or at regular intervals.
- Perform supplier due diligence. Vendors and suppliers have their own management weaknesses that present a threat. A motivated hacker may find their way into your company records through an insecure supplier system or other means. Test supplier and vendor portals for weaknesses and make sure the staff alert appropriate parties of anything unusual.
- Prioritize the security to-do list. Some risks are naturally greater than others. Get an understanding of which efforts require the most resources and match them up with the level of threat. Handle items that pose the greatest risks first. Set aside some time for simple fixes and plan for long-term solutions.
- Create a cyber-secure culture. Make certain all staff have a clear understanding that cyber-security needs are taken seriously. Ask them to consider cyber risks when hiring staff, adding new customer accounts, and establishing business partnerships.