Mitigating Cyber Risks and Managing Compliance in Financial Services

Financial services organizations have a lot to contend with now that business offices have shifted to home offices – from regulatory compliance to cybersecurity to adopting the cloud. 

Cyber risk in a new business model

Broker-dealer firms, investment advisory firms and insurance companies typically have a centrally located corporate headquarters and a network of branch offices staffed by independently registered representatives. The corporate entity is responsible for protecting the company by enforcing applicable compliance policies and data security practices across branches and for each registered employee.
The pandemic changed that traditional corporate configuration. Independent branches and corporate offices have moved to a distributed environment. This has required significant changes in technology and process. Because of the sensitive nature of their business, financial organizations were previously closed environments, restricting data management to on-premises environments and sometimes not even allowing remote internet access. When the world changed, they needed to allocate remote system access and secure networks overnight. 
To allow business continuity in the short term, some firms made local changes to the way they secure their networks. Made without considering the broader implications, these changes opened the organizations up to regulatory and cyber risks. An increase in cyber attacks has made this interim approach unsustainable. Organizations are having to rethink their entire technology infrastructures.

Resistance to cloud technology 

Legacy technology systems persist in financial services – tools developed many years ago when business was conducted inside offices and less online. There are a couple of reasons for this: outdated ideas about data security and management, and rightful concerns about regulatory compliance.
Outdated ideas about data security and management: Legacy business technology was not designed for today’s connected world. When these tools were developed, there wasn’t a need to configure security for internet exposure because all systems and networks were managed on-premises. Plus, migrating to the cloud can be a resource-intensive endeavor, and security could be compromised in the process. 
But the reality is that today, client data and business resources need to be accessible remotely. It requires significant technical upgrades, but also a change of mind – giving up the idea that you must have on-premises possession of your data and information. Resources are moving to the cloud, employees are working from home and the internet is the new corporate network. Security services need to adjust to fit the new normal.
Regulatory concerns: Financial firms have also been reluctant to adopt cloud technology because of traditional corporate governance practices. It’s one thing when systems are secured behind a perimeter and you have full control. It’s another thing when you’re relying on third-party hosting providers or cloud vendors to manage sensitive communications data for you. 
The regulatory bodies understand the need for a shift to the cloud and have made it themselves. FINRA – an organization that regulates wealth management firms – has moved its data to the public cloud. The shift should be an indicator to regulated firms that this is the way of the future in financial services.

Shift to remote work accelerating cloud adoption

The work-from-home paradigm has been a force multiplier for cloud adoption. The primary business case for a move to the cloud prior to the pandemic was about convenience, cost and the ability to scale. Now, the corporate perimeter has been decimated and cloud services are business critical. People are using their own devices, from their own homes, across time zones and geographies. They need the flexibility to access work and communication applications at any time. 
It’s been clear for a few years that mobility and cloud are here to stay. Financial organizations had started to prepare for this, but the pandemic accelerated that transition by five or even ten years. As employees or registered reps work from distributed locations, they need to use more and more cloud-based collaboration and conferencing applications to conduct business. These applications are easy to use, manage, and update from anywhere. 

Tips for network security and achieving compliance with the cloud

The cloud and mobility are here to stay. Look for technology solutions with robust architecture designed for a cloud-first and mobile-first reality. Moving from legacy technology isn’t always simple, but it will help financial firms future-proof compliance and security procedures.
Moving to cloud-hosting services has many organizational benefits. Business continuity has been enabled by cloud-based applications like Zoom and Microsoft Teams. Processes are more efficient, and productivity has increased. The cloud has unified security as well. Companies have been able to move from site-centric security protocols – which could be very different from New York to Tel Aviv – to user-centric security. Everyone can have the same user experience and follow the same security policy, regardless of location. 
You don’t have to make the transition to the cloud at once. Many cloud and mobile-first solutions can also support or complement legacy environments through the migration process. Try starting with a specific use case rather than your full range of services. See how that implementation process works and move to other issues once you’re satisfied with the result. 
Think holistically about cybersecurity and risk. Cyber risk and compliance risk mitigation is a layered problem. You must address network security, user security, device security, information governance, data privacy, and all the other facets of new, cloud-based technology to address all potential vulnerabilities. Start by considering these factors:  

  • The size and makeup of your organization
  • Regulatory requirements
  • Data security and data privacy requirements
  • What tools you use to collaborate and communicate
  • How technology is accessed from various networks or devices

Start inward and work your way out. As you’re optimizing your processes and technology to holistically manage risk, start by looking at your individual users and the devices they’re using. Then consider the applications through which they’re doing business and the networks they’re accessing, all the way up to your corporate infrastructure, to develop a thorough plan.
The post-pandemic transformation – though abrupt and challenging – was an inflection point in the way financial services organizations do business. The IT landscape, cloud services, and mobility have helped companies stay connected and productive. Financial firms must rethink and upgrade their infrastructure to accommodate new security and compliance challenges.
This was the topic of a recent webinar discussion hosted by Perimeter 81, “From Cloud to Compliance: Mitigating Cyber Risks for Financial Services.” This article was written by Sid Yenamandra, CEO and founder of Entreda, a Smarsh company. Watch the full webinar on-demand.