Am I Security Aware?
The security environment in which our customers operate is critical. The Financial Conduct Authority (FCA) and the U.S. Securities and Exchange Commission (SEC) are tightening their controls on the security processes at investment firms. If you answer ‘No’ to any of these 10 security questions, your organisation is at risk of a cyber-attack.

Security Questions:
1. Security Risk Assessment
Have you carried out a comprehensive Security Risk Assessment in the last 12 months, in line with best practice (SEC or ISO 27001)?

2. Baseline Security Policy
As part of best practice, we recommend applying a baseline domain security policy: minimum password complexity, removing users from local admin groups, and hardening security on servers and desktops. Do you have a baseline security policy?
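One way to check a Windows host against such a baseline, as an added example that is not part of the original page or the vendor's product: a PowerShell script that compares the domain password policy and the local Administrators group membership with assumed baseline values. The thresholds and the approved-admin names (`CONTOSO\Workstation Admins`) are placeholders; the cmdlets `Get-ADDefaultDomainPasswordPolicy` (RSAT ActiveDirectory module) and `Get-LocalGroupMember` are standard.

```powershell
# Added example, not the vendor's code: audit a host against an assumed baseline.
# Thresholds and the approved-admin list below are illustrative values.
#Requires -Version 5.1

$Baseline = @{
    MinPasswordLength  = 12    # assumed baseline value
    ComplexityEnabled  = $true
    MaxPasswordAgeDays = 90    # assumed baseline value
    LockoutThreshold   = 5     # assumed baseline value
}

# Principals allowed in the local Administrators group (hypothetical names).
$ApprovedAdmins = @('BUILTIN\Administrator', 'CONTOSO\Workstation Admins')

$findings = [System.Collections.Generic.List[string]]::new()

# --- 1. Domain password policy (needs the RSAT ActiveDirectory module) ---
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $policy = Get-ADDefaultDomainPasswordPolicy

    if ($policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings.Add("MinPasswordLength is $($policy.MinPasswordLength); baseline requires $($Baseline.MinPasswordLength)")
    }
    if (-not $policy.ComplexityEnabled) {
        $findings.Add('Password complexity is disabled')
    }
    # MaxPasswordAge is a TimeSpan; 0 days means passwords never expire.
    $ageDays = $policy.MaxPasswordAge.TotalDays
    if ($ageDays -eq 0 -or $ageDays -gt $Baseline.MaxPasswordAgeDays) {
        $findings.Add("MaxPasswordAge is $ageDays days; baseline requires 1-$($Baseline.MaxPasswordAgeDays)")
    }
    # LockoutThreshold 0 means accounts are never locked out.
    if ($policy.LockoutThreshold -eq 0 -or $policy.LockoutThreshold -gt $Baseline.LockoutThreshold) {
        $findings.Add("LockoutThreshold is $($policy.LockoutThreshold); baseline requires 1-$($Baseline.LockoutThreshold)")
    }
} else {
    $findings.Add('ActiveDirectory module not available; domain password policy not checked')
}

# --- 2. Local Administrators group: flag anyone not on the approved list ---
foreach ($member in Get-LocalGroupMember -Group 'Administrators') {
    if ($ApprovedAdmins -notcontains $member.Name) {
        $findings.Add("Unapproved local admin: $($member.Name) ($($member.ObjectClass), source $($member.PrincipalSource))")
    }
}

# --- 3. Report: non-zero exit code lets a scheduler or RMM tool pick this up ---
if ($findings.Count -eq 0) {
    Write-Output 'Baseline OK'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

Run it in an elevated session on a domain-joined workstation; the non-zero exit code makes it easy to schedule across a fleet and collect hosts that drift from the baseline. Enforcing the baseline itself (rather than detecting drift) belongs in Group Policy or your configuration-management tool.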

3. Patching Servers, Workstations and Antivirus
Now more than ever, servers and workstations need to be patched with the latest operating system and application security updates in order to protect your data from current threats. Threats are not limited to Windows; Java, Adobe and other third-party applications are also targeted. Are your systems up to date? At a minimum, antivirus software is essential. What version(s) are currently running, and are they monitored and up to date?

4. Mobile Device Management (MDM)
With more and more users accessing confidential information through smartphones and tablets, it is important to implement mobile device management for both secure email/application delivery and fleet management. Do you manage your organisation’s mobile devices with an MDM solution?

5. Penetration Testing
Having an external penetration test every 12 months validates the current security environment and helps you understand your security vulnerabilities. Have you had a penetration test carried out?

6. Employee Security Awareness
Security is not limited to technology; it is also about people and processes. Regular security awareness training is an essential part of cybersecurity protection. Do you have security awareness training for staff?

7. Controlling Staff Access
Do you control, or even know, what staff can access? USB drives, personal email accounts such as Gmail or Hotmail, Facebook, etc. can all be channels for data leakage. Review your joiner/mover/leaver process.

8. Regular Backups and Testing
Data protection is not just about what happens before the event. If you suffer an attack such as CryptoLocker, how do you recover? Make sure backups are in place and that restores are tested regularly. Do you carry out regular restore tests?

9. Business Continuity and Disaster Recovery Planning
Do you have a Business Continuity (BC)/Disaster Recovery (DR) plan in case the worst scenario occurs (fire, flood, etc.)?

10. Offsite Email Archiving System
Compliance is no longer a ‘nice to have’. All financial firms must store email communications for a number of years. If you needed to access them, could you do so easily?
