FINRA offers RIAs a basic checklist for your cybersecurity. The FINRA Small Firm Cybersecurity Checklist should be your starting point to identify what you’re doing well and what needs improvement to protect your firm and customer data.
The checklist is a spreadsheet you can use to begin to identify some of your risks and protected assets. Your IT services provider should be able to help you with this.
The spreadsheet includes tabs for:
- An inventory of your risks including personally identifiable information (PII) and other sensitive information your firm stores, uses, or transmits
- How you can minimize the use of PII and other sensitive information
- Whether your firm shares PII or other sensitive information with third parties and how you manage that securely
- What your firm is doing to protect PII and other sensitive information, such as password protection, malware and antivirus protection, and other solutions such as firewalls
- An inventory of your systems and what you have in place to secure them
- How you use encryption to protect PII and other data
- An inventory of your devices and how they’re secured
- How you control access to your systems and data
- How you provide cybersecurity training for staff
- What you have in place to detect risks
- Details of your Intrusion Detection System and Intrusion Prevention System
- Your response plan in the event of an incident
- What you have in place for recovery after an incident
Another great tool to assess your security is the Microsoft Secure Score. If your firm uses Microsoft, this is a free tool available to you. We have more information on how you can check your RIA’s Cloud Secure Score.
Here’s the direct link to the FINRA Small Firm Cybersecurity Checklist