
Benjamin Franklin on Cybersecurity (sort of)

Written by NIBA

When Benjamin Franklin coined the phrase “an ounce of prevention is worth a pound of cure,” he had fire safety in mind. Cybersecurity wasn’t on anyone’s radar. In fact, radar wasn’t on anyone’s radar. Nonetheless, that adage perfectly captures the importance of training staff members on cyber risks today.

Employee cyber awareness is based on common-sense principles that are generally easy to implement and can save a firm from massive headaches. While the technical challenges of cyber protection fall largely to the IT staff, a firm’s rank-and-file computer users stand as the front line of cyber defense. A single employee who is uninformed or careless about cyber policies and procedures can scuttle the best practices of IT, management and an otherwise diligent staff. It is estimated that two-thirds of all data breaches are caused by current or former employees.

A good cybersecurity training program reinforces the obvious – use complex passwords and change them regularly, be wary of email attachments and links from unfamiliar senders, cover a webcam when not in use, etc. – but must dig deeper. It must highlight the social engineering threats employees may face, such as baiting, phishing, whaling, pharming and pretexting. It must educate staff on cyber hygiene, hacking techniques, multi-step authentication, physical security precautions, breach notification obligations… and much more.

Cybersecurity training should give computer users a variety of preventative actions to consider, and each arrow an employee puts in his or her cyber defense quiver could be the one that wards off an incident. Disabling hidden file extensions could help avoid a cyber intrusion. Using a VPN to access your firm’s network could stave off a hacker. Adding biometric security could thwart a bad actor.

Who needs training, and when? Basically, anyone who uses a computer in the course of their duties or has access to the physical premises of the office should receive training. NFA-member firms must provide training for employees upon hiring and periodically thereafter, and since review of each firm’s Information Systems Security Program must be conducted every 12 months, Exchange Analytics recommends that training be provided on the same cycle. EA’s Cybersecurity Course content is updated periodically to keep pace with the changing cyber landscape.

For more information on Cybersecurity, AML, Ethics, Customer Protection Rule and Identity Theft training from Exchange Analytics, click here.

Chuck Frank
Managing Director
Exchange Analytics
847-266-7602
cfrank@xanalytics.com
www.exchangeanalytics.com
