"The financial sector spent $90 billion on cybersecurity [in 2017],” John Ortman wrote for NAPA-Net.org.
Cybersecurity, or “…a set of techniques used to protect the integrity of networks, programs and data from attack, damage or unauthorized access,” (paloaltonetworks.com) is more crucial than ever in the financial industry where billions of dollars in assets are on the line.
Despite the increased security investments made, we are still seeing significant security breaches in the financial services industry.
Steve Morgan, a contributor for forbes.com, wrote, “Infosecurity Magazine stated that financial services firms are hit by security incidents a staggering 300 times more frequently than businesses in other industries.”
What Can Your Company Do to Boost Your Cybersecurity?
- Educate Employees on Basic Preventative Measures
- Regularly Assess Company Solutions to Keep Your Defenses Strong
- Develop a Strategy for Managing Your Third-Party Solutions
Phishing, spear phishing, and malware attacks… these are just a few strategies that can cause serious grief for your organization (rapid7.com). Do your employees know how to recognize and respond to targeted cyber-attacks?
Various online training courses and drills can be utilized to prepare employees for real-world threats.
In his article for Inc.com, Shawn Freeman advises that companies continue to research new preventative solutions. Limiting your company’s cyber defenses to a handful of systems implemented a few years ago can leave gaps in your company’s security as new research comes to light. The bad guys aren’t taking a break and neither should your company.
Freeman also recommends tracking IT costs to aid in the evaluation and subsequent elimination of any unnecessary expenditures. Best practices will shift over time as innovation leads to new technologies and available services.
Do you remember the popular adage “out of sight, out of mind”?
Hopefully this isn’t the case with your third-party solutions. They are a point of access to your company and therefore represent a security threat. One solution is a third-party risk management platform.
“Third-party risk management (TPRM) platforms are emerging to guard against attacks that originate in an organization’s supply chain,” Steve Earley wrote.
Earley’s article lists several steps to prepare for a TPRM, such as determining who your “high-impact vendors” are, recognizing which of your assets are vulnerable to a cybersecurity breach, and evaluating vendor “cybersecurity hygiene”.
Before we do business with our third-party vendors, a representative from ABGRM will send them a vendor due-diligence questionnaire. This helps us to ensure that our data will be responsibly managed.
These points are just a few cybersecurity “best practices”. What follows is a brief overview of ABGRM’s internal and external cybersecurity measures.
What Is ABGRM Doing to Protect Your Data?
“We take a multi-layered approach to cybersecurity,” said Nick Stucko, ABGRM’s lead software developer.
Since November, we have implemented multi-factor authentication (MFA) on our website. MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that requires users to present two pieces of identity verification when logging into their account: their login credentials and an access PIN delivered via email or SMS text message.
In addition to these MFA methods, we have also introduced Google Authenticator.
ABGRM is SOC certified and runs annual cybersecurity tests to ensure that its preventative measures are working properly.
ABGRM staff receive quarterly cybersecurity training through our partnership with KnowBe4. Staff members are frequently tested on their knowledge through quizzes and simulated phishing attacks.
As mentioned previously, cybersecurity is all about protection of YOUR data! We utilize the vendor due-diligence questionnaire to review the security of our third-party solutions.
Internally, we have implemented safe handling and disposal practices for digitalized and printed information.
ABGRM’s cybersecurity practices are outlined in more detail in the “Written Information Security Program” or “WISP”.
The WISP is based upon the NIST Framework for Improving Critical Infrastructure Cybersecurity. The Framework was created following President Obama’s executive order in 2013, and “provides a risk-based approach that enabled rapid success and steps to increasingly improve cybersecurity maturity,” according to ABGRM’s “Written Information Security Program 2019”.
If you would like to learn more about what ABGRM is doing to keep your confidential data secure, send an email to your CSM. We’d love to hear from you!