The December 2022 Inside Information edition on “Data Security and Compliance” showcases Brian Edelman’s recommendations for protecting your tech stack and client data from bad actors:
- Cybersecurity is its own discipline, distinct from IT. Keeping cybersecurity and IT duties separate is the best practice, because it builds checks and balances into security: the people who run the systems are not the only ones checking them.
- Every firm needs an independent security assessment, including Cyber Safeguard Evidencing and Scanning (CSES), to identify vulnerabilities for remediation.
- Cyber assets must be inventoried and actively managed, including formal decommissioning when they are no longer in use.
- Cybersecurity Awareness Training is key: it educates advisory firm staff so that an innocent click on a malicious link or attachment does not become a security breach.
- Active management of the cyber program is crucial for preventing data breaches. Firms often discover too late that breach recovery, including cyber insurance claims, is more complex than anticipated.
Cybersecurity regulatory requirements have become evidence-based, to better enforce the fiduciary responsibility to protect private data: it is no longer enough to have a policy, a firm must be able to show that the policy was followed. Following the NIST framework supports comprehensive cybersecurity protection and positions firms to demonstrate compliance.
“Of course, you have to meet all those cyber-related regulatory requirements, right? That means installing procedures and keeping track that you actually followed through on them, so you can show this evidence to a skeptical SEC or state auditor.” — Bob Veres, Inside Information
Bob Veres’ Inside Information, December 2022