The Texas State Securities Board has published resources to assist state-registered investment advisory firms and other registered professionals in developing and strengthening cybersecurity plans.
“Cyberattacks are on the rise, and their scope and complexity mean state-registered professionals should analyze the array of risks they face,” said Texas Securities Commissioner John Morgan.
The cybersecurity resources include planning guides from regulatory agencies and industry groups to help firms broadly identify the risks related to cybersecurity, protect firm networks, assess the risks of access to client information, and implement procedures regarding third-party vendors.
Most important is the question of how everything ties together to help firms protect their ultimate constituency: their clients.
Besides these cyber-planners, the resources cover:
- The ongoing process of risk assessment, both internally and with outside vendors, including protecting networks from rapidly escalating threats such as ransomware;
- An incident response plan to help make more informed decisions during the stress of an attack;
- The use of encryption to protect underlying data even if there is a cybersecurity breach;
- Anti-virus protection to identify viruses and malware;
- Securing electronic mail to prevent cyber-criminals from taking over a client’s account;
- Data backup and retrieval to mitigate the risk of theft of information and to aid recovery from a disaster;
- Cloud computing, which is accessing data over the Internet from remote servers;
- Protecting a firm from disgruntled employees who may engage in cyber-sabotage;
- Maintaining a secure website;
- Considerations regarding the purchase of cyber-insurance.
Firms may consider some aspects of cybersecurity as more important to their operations than others, but these suggested resources can assist firms in evaluating a wide range of general security policies.