Cloudy with a Chance of Hackers?
One of the most recently discussed technological advances affecting both homes and businesses today is cloud storage. Cloud computing is becoming more and more common in business, including the financial services sector. The reasons for the recent popularity of cloud storage are obvious: Infrastructure flexibility, reduced cost and increased ease of data storage, reduced IT personnel cost, and possibly better security.
Financial services firms have been slower to jump on the cloud bandwagon than many other businesses, however, and with good reason. There is currently no single or regulatory definition of what a "cloud' is. Among the concerns shared by broker/dealers and other financial firms are security of client data, perceived compliance issues, and the loss of control of confidential and proprietary data. In the world of financial securities professionals, client confidence and information privacy is of the utmost concern. Any potential breach could be catastrophic for a firm, so using caution when choosing cloud storage and selecting the right vendor, or ensuring the right tools if creating it in-house, is critical to most firms when considering cloud storage. In addition to these issues, other concerns financial services firms have include:
- Whether or not storing data on a cloud meets regulatory and legal requirements
- Unauthorized access by third parties or associated personnel
- Reputational damage in case of a breach
- The possibility of leaked proprietary technology
- Concerns about outsourcing to and vetting third party cloud providers
- Whether or not data will be as easily accessible if it is offsite
Obviously all these issues must be taken into account when firms are evaluating whether or not to use cloud storage. Although FINRA has yet to take a definitive stand on cloud-based services to its members, it has provided guidance for firms wishing to use this technology. This month’s newsletter, “FINRA’s Guidance on Cloud Storage,” is an excerpt from FIRE’s Cybersecurity course, and includes an outline of FINRA’s suggested areas of focus for firms that are considering the move to cloud storage.
Click here for your copy of "FINRA's Guidance on Cloud Storage"
About the Course
Cybersecurity describes the importance of a cybersecurity program, beginning with FINRA's perspective from its 2014 cybersecurity sweep and subsequent Report on Cybersecurity Practices, which includes the top three cybersecurity threats. The course explores the tactics used to hack into a firm's systems and ways that firms and employees can prevent these breaches. Best practices for employees who handle confidential and sensitive information are discussed, and examples are given for the specific information that must be protected. Finally, FINRA's eight resources for developing and advancing a firm's cybersecurity program are laid out. Case studies and examples throughout the course help illustrate the need for a strict cybersecurity program.
Other Key Updates
In 2016, FIRE is releasing several new Firm Element CE courses and new FINRA e-Learning courses as they become available. For further information, consult our catalog using this link.