The Financial Industry Regulatory Authority (FINRA) has offered a detailed review of effective information-security controls at securities firms via its Report on Selected Cybersecurity Practices – 2018.
“Securities firms rate cybersecurity as one of their top operational risks, and our new report addresses areas that firms tend to find most challenging,” David M. Kelley, surveillance director, Member Supervision in FINRA’s Kansas City office, said.
The report addresses cybersecurity controls in branch offices, methods of limiting phishing attacks, identifying and mitigating insider threats, elements of a strong penetration-testing program, and establishing and maintaining controls on mobile devices.
The new report builds on a 2015 FINRA cybersecurity report covering the main elements of a comprehensive cybersecurity program, providing guidance to firms seeking to improve their programs while the 2018 report adds greater depth and detail.
“There is no one-size-fits-all approach to cybersecurity, so FINRA has made a priority of providing firms with reports and other tools to help them determine the right set of practices for their individual business,” Steven Polansky, senior director of Member Supervision in FINRA’s Washington, D.C. office, said.
FINRA is a not-for-profit body dedicated to investor protection and market integrity while regulating one critical part of the securities industry – brokerage firms doing business with the public in the United States.