12 Steps for an Exam-Proof Cybersecurity Plan

THINKAdvisor and Cipperman Compliance Services released steps to help advisors and BDs tackle cyber compliance - all of which are included with an Advisor Armor subscription.

Identify location of confidential information: Conduct an internal assessment of the location of confidential information and who might have access.

The On Boarding Process from Advisor Armor identifies and documents the profiling of existing data, operating technology and work processes.

Restrict access: Passwords should be specific to each employee and should require updating on a periodic basis. Also, make sure to shut down access for exiting employees.

Advisor Armor helps implement and document Password Policies which are both achievable and consistent with Industry Best Practices.

Monitor for intrusions: The IT function should add intrusion monitoring as part of the virus and security protocols. Also, IT should report multiple login failures.

Advisor Armor assists and documents the methods in which IT accomplishes and supports network intrusions, failed logins and other Threat Awareness Tools

Prohibit removable storage media. Also, create a hardware environment that makes it difficult to use such media.

Advisor Armor documents and advises on high risk practices such as removable media, file transfers, mobile device usage and more.  

Limit devices. Only firm-approved and encrypted devices should have access to the network/system.

Advisor Armor inventories technology assets, documents management and utilization of such, and guides firms to practical and safe usage.

Test vulnerability. Hire an IT firm to perform a vulnerability assessment and conduct penetration testing.

Advisor Armor conducts and evidences data security assessments and network vulnerability scans as part of the normal coverage.

Evaluate vendors. Ensure vendor selection includes cybersecurity due diligence. Create ongoing monitoring and reporting system.

Advisor Armor inventories physical and electronic vendors as well as provides the expectations in writing for such in case of data security incident.

Report to Management. Add cybersecurity as an agenda item to every management and compliance meeting and include reports from IT and Compliance.

Advisor Armor's dashboard allows secure access to manage and evidence all aspects of coverage.

Appoint somebody accountable. One person should own cybersecurity compliance across the organization, whether that person resides in IT, Compliance, or Operations.

Advisor Armor identifies roles and responsibilities related to data security along with the ongoing education and awareness platforms needed to address the human error vulnerabilities.

Create response plan. The response plan should include required notices to clients and regulators and how to patch vulnerabilities.

Advisor Armor develops the Incident Response Plan and executes the management of such on behalf of clients.

Consider cybersecurity insurance. Determine if a cybersecurity insurance policy will protect the firm against a catastrophic event.

Advisor Armor evaluates the monetary risks on behalf of clients.  Cyber Insurance Policies, should they be desired, are available at a discount to Advisor Armor members.

Implement policies and procedures. Develop policies and procedures governing all of the above and annually test whether they are being followed. Also, ensure ongoing employee training.

Advisor Armor develops, tests, and monitors the entire dossier of Policies and Procedures on behalf of clients.
Mark Brown