Cyber security breaches have made big news this year after one fresh-faced 19-year-old singlehandedly hacked the Canada Revenue Agency and an array of naïve celebrities were left wishing they’d never taken those photos. But despite hackers hitting the headlines, a recent study by the North American Securities Administrators Association (NASAA) revealed that 37 per cent of wealth management firms don’t conduct any risk assessments to identify online threats, and industry experts say that needs to change.
Time for change
Tony Browne, president of IT security company Spider Networks Inc., believes the first step to improving security is changing people’s attitudes. “Most businesses still have the mindset that this is not their issue and it will never happen to them,” says Browne, “but the reality is every single business that uses computer systems are at risk. The only difference is the level of risk they face.”
Worryingly, 25 per cent of the firms in the study don’t have procedures in place to deal with cyber breaches, and Neil O’Farrell, founder of cybersecurity firm Privide, says the other 75 per cent have policies that “aren’t worth the paper they’re printed on.”
So how can you minimize your level of risk?
“Most attacks are against older, vulnerable software,” says J Wolfgang Goerlich, VP of consulting for online security experts VioPoint. Keep software updated and ensure security reviews are a part of IT change management. “By making reviews a regular habit, your firm’s technology becomes more resilient with each change.”
According to Browne, firewalls are the vital front line of any firm’s defenses. Set them up correctly and add as many additional security features as you can. Many modern firewalls come with an array of invaluable add-ons such as content filtering, gateway antivirus, intrusion prevention and more.
“They can prevent and protect any size organization from being attacked along with saving thousands of dollars by reducing the overall cost of maintenance,” says Browne.
O’Farrell says companies, regardless of size, are usually the last to know if their security has been breached, which is why it’s vitally important to monitor all changes.
“Have someone responsible for reviewing the system logs and activity to watch for signs of an attack,” says Goerlich. “It often takes criminals some time to break in, especially if the firm is up-to-date and has secure habits. Monitoring enables firms to stop attackers before they get in.”
NASAA’s report showed that 67 per cent of firms do not have cybersecurity coverage, but John Stark, managing director at computer forensics firm Stroz Friedberg, says insurance should be a bare minimum requisite of every firm.
“Insurance coverage is like health insurance for today’s financial firms. The work streams that result after an incident could cripple a company without insurance.”
Educate all employees on the fundamentals of cyber security and you’ll greatly reduce your susceptibility to an attack.
“Everyone in the firm has to live and breathe security,” says O’Farrell. “For smaller firms, size can actually work in their favor. The fewer people you have in the firm, the fewer weak links.”