External IT Releases Whitepaper Identifying Most Common Cybersecurity Deficiencies in the Financial Advising Industry
- The paper, "Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?” identifies structural deficiencies in how financial firms manage their cybersecurity efforts, and targeted solutions to fix them
- Lack of an official security information security policy, employee’s using personal devices and no or inadequate business continuity plans are the three top issues facing firms today
External IT, a provider of unified cloud computing solutions to financial services clients, has released a white paper entitled "Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?” identifying structural deficiencies in how financial firms manage their cybersecurity efforts, and targeted solutions to fix them. The paper is specifically designed to help firms prepare for the next round of testing by the SEC’s Office of Compliance and Examinations (“OCIE”), which the agency announced in a recent alert.
Having provided more than 100 security assessments to wealth management firms, External IT has identified 3 key areas where financial cybersecurity is sorely lacking. First, firms tend to lack an official security information security policy and proactive auditing of IT and IT security. Second, the firm’s employees are often able to move company data to personal and home devices, with no accountability or tracking measures in place. Finally, firms tend to lack any kind of disaster recovery or business continuity plans in place in case of emergency.
"IT and IT security are as equally important to financial services firms as compliance and making a profit for clients”, says Justin Kapahi, Technical Director for the Financial Services Practice at External IT. “Hackers consistently target financial firms more than any other type of business. Advisors owe it to their clients to keep them safe and give them the peace of mind they deserve.”
According to External IT, vigilance is key in not only identifying potential data breaches, but in responding swiftly and purposefully once it does. At present, firms tend to either delegate IT responsibilities to the Chief Technical Officer, or hire an outside consultant, both of whom are often ill-informed and reactive, rather than proactive. This sets a firm up for trouble. In fact, External IT identifies an uninformed employee as the biggest threat to cybersecurity.
The paper also highlights that many financial firms don’t properly vet third-party vendors before taking them on, or use ones with inadequate technology. Examiners may study a firm’s vendor relationships, assessing the appropriateness of contract terms and how much oversight the firm applies to vendors. Firms need to keep records of the software and data that vendors can access. This even applies to vendors hired to mitigate cybersecurity risks.
“In addition to needing an IT partner that has deep technology expertise, financial firms require one that services the financial sector and has already built a system that meets today’s regulatory requirements and challenges,” said Kapahi. “Such a partner can be relied upon to keep systems running, as well as assist firms with remaining compliant and responsible.”
After developing the first commercial Cloud Desktop, External IT’s founders established the company in 2002 with an idea that was ahead of its time, helping drive the firm to become the industry standard in cloud computing. Whether accessing External IT through a pre-packaged platform or through a professionally customized configuration directly through the firm, advisors can count on security without being limited by hardware, geography or application set, so they can focus on their clients.
To read the whitepaper in its entirety, which outlines what firms need to do to keep their clients’ information secure while being compliant, please visit: http://info.externalit.com/ocie-alert-response-cyber-security-whitepaper-download
For media inquiries, please contact firstname.lastname@example.org.
Jason Lahita -- 973-460-7837, email@example.com
Nabil Ashour -- 917-210-0099, firstname.lastname@example.org
About External IT
External IT is a leading provider of unified cloud computing solutions to Financial Services Clients including RIAs and Broker Dealers. The company's cloud-based solution is delivered via its unique OS33 Cloud Desktop platform, which provides all of a user's applications and data simply in one place. The company offers integrated managed services that provide everything from end user helpdesk to data migrations, nationwide on-site assistance, and remote management of clients' networks. Founded in 2000, External IT has been delivering IT services for nearly 15 years and is a recognized innovator and pioneer in the cloud computing space. For more information, visit www.externalit.com.