This Weeks Topic: Cybersecurity Part 2
In last week’s update, I shared with you a list of the cybersecurity issues that we contend with as an investment manager. They are not much different than what each of us must deal with in today’s internet driven world
I thought it might be helpful to provide to you a few processes that we implement on your behalf in our efforts to protect data and your privacy. This is not an exhaustive list and is subject to change. We may adjust these practices as needed, but it does give you an idea of how seriously we take the threat and the efforts we take on your behalf.
DWM maintains firewalls, anti-malware/anti-virus software, encrypts all laptops and is focused on detecting threats before any information or firm systems is compromised. DWM has also implemented multifactor authentication (MFA) as an added layer of security to protect sensitive data. Compliance and our IT service provider stays abreast of common cyber-attacks and updates the above list as new and more prevalent attacks become identified.
The firm provides training to employees regarding information security risks and responsibilities; such mandatory training is provided to all employees quarterly via an online platform; additional training and/or written guidance also may be provided to employees in response to relevant cyber-attacks. Maintaining the security, integrity and accessibility of the data maintained or conveyed through the firm’s operating systems is a fundamental requisite of our business operations and an important component of our fiduciary duty to our clients.
While recognizing that the very nature of cybercrime is constantly evolving, DWM conducts periodic vulnerability assessments based on our firm’s use of technology, third-party vendor relationships, reported changes in cybercrime methodologies, and in response to any attempted cyber incident, among other circumstances. Protecting all the assets of our clients and safeguarding the proprietary and confidential information of the firm and its employees is a fundamental responsibility of every DWM employee.
DWM has adopted various procedures (subject to change) to implement the firm's policy and conducts reviews to monitor and ensure the firm's policy is observed, properly implemented and updated, as appropriate, which include the following:
-
The firm has established a Cyber Security Team with responsibility for overseeing the company’s cybersecurity practices.
-
DWM’s cybersecurity policies and procedures have been communicated to all employees at beginning of employment and annually thereafter during their annual Compliance meeting.
-
Compliance conducts periodic cyber risk assessments at least annually to identify threats and vulnerabilities to the business.
-
The firm’s IT services vendor is responsible for implementing DWM’s Cyber Security Program by providing the following services:
-
Sensitive Data Discovery – Personal Identifiable Information (PII)
-
Account Password Audit to identify:
-
Weak passwords
-
Identical passwords
-
Accounts with passwords set to ‘never expire’
-
-
Internal and external vulnerability scans
-
Cloud services usage report
-
Security training progress report
-
IT hardware and software Inventory and User profiles
-
External email forwarding audit
-
Quarterly meetings to review cybersecurity roadmap and results from quarterly reports above
-
Annual meetings to review cybersecurity policies
-
Maintains Anti-Virus on all Windows systems with monthly monitoring
-
-
Compliance maintains records documenting such training and ad hoc employee guidance and/or system notifications.
-
Entrance to the DWM office is secured and accessible via company badge only. All vendors and clients must be escorted into the office by the receptionist.
-
At least annually, IT along with Compliance will review user access to firm systems and inventory all systems and hardware assigned to all employees.
This is just a subset of the actions we have taken. I have not listed all of our processes in place, but this should give you an idea of how seriously we take this issue. We take it seriously.
If you have any questions about this information, please let us know. Always happy to help.
The opinions expressed herein are provided for informational purposes only and are not intended as investment advice. All investments involve risk, including loss of principal invested. Past performance does not guarantee future performance. Individual client accounts may vary. Although the information provided to you on this site is obtained or compiled from sources we believe to be reliable, Destination Wealth Management cannot and does not guarantee the accuracy, validity, timeliness or completeness of any information or data made available to you for any particular purpose. Any links to other websites are used at your own risk.