12 Solid Cybersecurity Steps for All SEC Registered Firms

Step 1: Install and maintain a firewall to protect data.

Step 2: Change default (vendor supplied) passwords on all firm devices and systems.

Step 3: Encrypt all hard drives.

Step 4: Encrypt transmission (internal or external) of client data.

Step 5: Use antivirus and malware-detection software on all devices. Use VPN services for all mobile devices.

Step 6: Use only systems that allow for 2-factor authentication (YubiKey, Google Authenticator, etc.).

Step 7: Restrict access to data only to those who need it to function in their jobs.

Step 8: Assign unique usernames to all employees who access your client’s data. No sharing of passwords.

Step 9: Restrict physical access to the data. Lock your office, enable mobile wipe, etc.

Step 10: Monitor and log all access to data and network resources.

Step 11: Perform vulnerability scans on systems quarterly.

Step 12: Documentation is EVERYTHING!
