FINRA has issued a report on cybersecurity best practices to assist firms in the development of their cybersecurity programs. FINRA notes that it continues to see “problematic cybersecurity practices” during examinations and that firms identify cybersecurity as a “primary operational risk.” The report focuses on strengthening cybersecurity controls in branch offices, ways to limit phishing attacks, how to mitigate insider threats, the elements of an effective penetration testing program, and adequate controls for mobile devices. The report also includes an appendix that lists core cybersecurity controls for small firms including patch maintenance, access management, vulnerability scanning, and email protection.
The 19-page report does a good job describing every cybersecurity nightmare scenario, which may be instructive for those C-suite executives still in denial. The best part of the report is the small firm appendix that focuses on key issues.