As firms respond to the ongoing coronavirus pandemic by increasingly transitioning to remote and telework arrangements, the Financial Industry Regulatory Authority ("FINRA") issued an alert on measures that firms and associated persons can take to address resulting cybersecurity vulnerabilities:
- Measures for Firms.
Firms should take steps to ensure network security. This may
include providing employees with secure connections (through the
use of virtual-private networks ("VPNs") or secure
sessions with multi-factor authentication, for example) and
regularly evaluating privileges to access sensitive information.
- Firms should also consider training staff on how to securely connect to the firm's network from remote locations while avoiding potential scams or cyberattacks, and to alert the firm's IT support staff about potential fraudsters seeking to exploit remote work arrangements by impersonating firm personnel.
- Measures for Associated
Persons. Associated persons should utilize a secure
connection to access a firm's network and ensure that their
wireless connections use stringent security protocols, their
devices are using up-to-date software and non-default login
credentials, they are using anti-virus and anti-malware software,
and they secure their device when working in public areas.
Associated persons should also review firm policies on storage and
back-up of information, particularly where customer personally
identifiable information is being accessed on personal devices.
- Associated persons should be aware of fraudsters using the current situation as a cover for cyberattacks, for example by impersonating "Helpdesk" personnel or engaging in tradition phishing scams. They should also consider their role in a firm's incident response plan, including who they should contact and when.
The alert notes that it "does not create any new legal requirements or change any existing regulatory obligation." For additional guidance on cybersecurity considerations for firms as they respond to the ongoing pandemic, please see our prior posting on the subject.
To view original article, please click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.