Work from Home has moved the front line in cyber attacks from office desks to kitchen tables, and NFA member firms are responsible for following the security guidelines of NFA 9070 no matter where they do business. Based on insurance claims, ransomware attacks and false-invoice scams are among the most common cyber crimes in 2020, with phishing emails and fake website links the most frequent paths for malware. The following steps will help you stay secure:
- Be very suspicious of email or website links you don’t recognize, and even be cautious of those that look familiar – it is simple for hackers to impersonate people and sites.
- Be very careful with work emails asking for urgent payments, especially if they provide new payment instructions. If you can, call to confirm.
- Turn on 2 Factor Authentication whenever possible. This sends a confirmation email or text when you log in to a system, which makes it harder for hackers to break in.
- Turn on auto-updates for your systems and applications. Hackers know many people don’t bother, which means they can easily exploit known software vulnerabilities.
- Back up your critical business files on a separate system or drive, so that if one system is corrupted you can still recover the data you need to run your business.
- Know where your confidential data is stored and use encryption if you can. (Encryption is available on Windows 10 Professional systems, macOS, and Linux.)
Even though the financial industry is one of the most commonly attacked, some people feel their company is too small to be a hacking target. Q: Do you get robo-spam calls on your phone? It is even easier to automate cyber attacks. “They won’t find me” is not a defense, even from home.
All NFA-regulated firms are required to have a documented Information Systems Security Program (ISSP) that describes their security policies and controls. Per NFA 9070 these should be appropriate for the size and complexity of each business, with core elements including annual security awareness training. If you need assistance developing your ISSP or performing the required annual review of your security program, consider contacting a security consulting firm that specializes in the futures industry. Good security practices can help keep your business safe from hackers – and keep your auditors happy too.
vSEC, LLC is a cyber security consulting company. Our website offers a questionnaire for firms to self-evaluate their security program against the controls identified in NFA 9070. For more information email [email protected] or visit www.vsecllc.com