By Oyster Consulting LLC
Who’s Listening? Your Cybersecurity is Only as Good as Your Weakest Link
Yahoo! Another security breach is in the paper – from 2014. While you are changing your passwords and security questions/answers, consider that your firm’s information security is only as good as its weakest link – and the weakest link can be something small. Even as small as a wireless mouse or the Bluetooth piece sitting behind your ear. Although many Bluetooth security issues have dissipated over the last few years, no software has zero security vulnerabilities.
Breaches can range from simple eavesdropping to software that pairs with a user’s wireless mouse and then acts as if it were the wireless keyboard, allowing an attacker to take control of the entire machine and system where the user is logged in.
Technology has become a vital component of the financial world. Mitigating the risk of a breach, whether by cyber criminals or careless employees, is critical to keeping your firm and your clients safe.
What You Should Do:
Firms should perform a technology risk assessment to determine the greatest areas of risk, and create and update data security policies, procedures and practices around those risks. Training and education of firm staff are also vital in helping to keep your firm’s data secure. Oyster can perform a comprehensive information security review including:
- Formal risk assessments
- Systems management and supervisory responsibilities
- Access controls procedures and process documentation
- Physical and data security policies, procedures and practices
- Internal and external user monitoring
- Procedures for change control, release management and implementation of ongoing enhancements
- Vendor selection and due diligence
- Disaster Recovery, Data Recovery and Business Continuity Management
- IT program for managing application security, external/internal penetration and vulnerability assessments
- Business and technology incident response protocol and procedures
- Review of your firm’s technology governance and Software Development Life Cycle (SDLC)
- Education and training
The Oyster Difference
Oyster has the background and perspective to help you build and enhance the information security program that is right for your firm. We are the right partner to help you bridge the gap where business and technology meet, ensuring that you have the resources to understand the threats and the ability to protect yourself.
Whether you are looking to change from self-clearing to fully-disclosed (or vice-versa), exploring your clearing options or starting a broker-dealer, Oyster can assist with the assessment, analysis, vendor selection and conversion processes.