During recent compliance audits, the OSC has been asking registrants about their cybersecurity practices, and we expect cybersecurity to remain an area of regulatory focus in the coming months. The financial industry is also reported to be the industry most targeted by cyber criminals (source: Deloitte).
To help you stay ahead of cybersecurity risks, strengthen the systems that manage those risks, and have your answers ready when the regulators call (and, more simply, as a matter of good business practice), we have outlined the following considerations and questions:
- Education of staff on recognizing and avoiding cybersecurity threats to the firm, and protecting confidential information
- Understanding service provider cybersecurity risks and how they are addressed
- Structured governance procedures over cybersecurity risk controls
- Encryption policies and procedures for computers and devices
- Sources of guidance and best practices (e.g., industry associations and recognized information security organizations) that firms follow
- Business interruption contingency plans in the event that a cyber attack damages a firm’s critical infrastructure
- Policies and procedures for accepting instructions to withdraw or transfer funds received by electronic means, including how the firm confirms that such an instruction genuinely came from the client before acting on it
- Types of IT safeguards that firms employ
In addition to preparing you for a compliance audit, being able to identify and manage your firm’s cybersecurity risks is critical to safeguarding confidential information (such as your clients’ personal and financial information) and protecting your firm’s reputation.