- Conduct a periodic assessment that examines:
  - The nature, sensitivity and location of information that the firm collects, processes and/or stores, and the technology systems it uses
  - Internal and external cybersecurity threats to and vulnerabilities of the firm’s information and technology systems
  - Security controls and processes currently in place
  - The impact should the information or technology systems become compromised
  - The effectiveness of the governance structure for the management of cybersecurity risk
- Implement a cybersecurity strategy through written policies and procedures, such as a written information security plan (“WISP”)
- Deploy cybersecurity software and tools to detect and protect against cyber-intrusions and other malicious activity
- Provide cybersecurity training and awareness to employees
- Consider cyber-insurance policies
The above advice is an excerpt from the April 27th Webinar from MyComplianceOffice, co-hosted by Charles Lerner of Fiduciary Compliance Associates and John Roth of Venor Capital Management. To see more takeaways from this webinar session, download the slides.