How investment dealers can mitigate cyber risks

Certain measures need to be put in place to help firms protect clients

While the Canadian Securities Administrators’ (CSA) recent staff notice on cybersecurity and social media highlighted its concerns around cyber risks, investment dealers and advisors still have to do their part to protect themselves.

A commentary piece by Max Muñoz and two other industry experts from Gowling WLG enumerated several ways investment dealers and advisors can deal with cyber threats.

Muñoz said that while there is no one-size-fits-all model for a cybersecurity infrastructure, there are important measures advisors and dealers should employ.

For starters, they should be able to prioritize and mitigate risks in the event of a cyberattack through good governance and a risk assessment framework.

"This requires leadership at the board and senior management levels in order to identify critical assets and put in place systems and policies in order to protect these," the authors said.

One suggestion, stated in the Investment Industry Regulatory Organization of Canada (IIROC) best practices guide, is to appoint someone to oversee cybersecurity efforts within the organization.

The ‘Chief Information Security Officer’ will be assigned to periodically conduct assessments of certain processes involving confidential and sensitive information. This officer will also be in charge of examining security controls and policies to protect such information from cyber threats.

"In this day and age where employees are often using personal devices to access dealer networks, as well as frequently working from home, this may include a review of controls associated with remote access, customer logins, passwords, firm protocols to address customer login problems, network segmentation, and tiered access," the authors explained.

As it turns out, nothing beats training employees. Alongside the review of access rights and controls, dealers have to make sure that their employees recognize practices that may compromise security.

Lastly, investment dealers have to develop an incident response plan. This will be especially helpful in establishing future containment and mitigation strategies and recovery plans.

"The continued and increasing reliance on technology, the interconnectedness of the financial sector, as well as the critical role that financial institutions play in the overall economy puts investment dealers at the forefront of those who should be vigilant and ensure preparedness," the authors concluded.
