Simple Cybersecurity Technical Controls for RIAs, IBDs, and Hedge Funds

Cybersecurity Technical Controls for RIAs, IBDs, and Hedge Funds

Are you a new CCO looking to get your head around your cybersecurity framework or a seasoned pro looking for a checklist?

Either way, these 12 steps help you strengthen your cybersecurity defenses.

To be clear: These are not a "nice to have" or "a cool feature". This stuff is mandatory for ALL firms.
​

1. Install and maintain firewalls to protect data
2. Change default passwords on all firm  devices and systems (ESPECIALLY your router and modem)
3. Encrypt all hard drives.
4. Encrypt transmission of client data.
5. Use Antivirus and Antimalware software on all firm devices. Use VPN services for all mobile devices.
6. Use only software and systems that allow for 2-factor authentication. Physical keys like Yubiko or Thetis are preferred.
7. Restrict access to sensitive data. Only those with a need get access.
8. Assign unique usernames to all employees who access your client's data. No sharing of passwords. Ever.
9. Restrict physical access to the data. Lock your office, enable mobile wipe, GPS tracking, etc.
10. Monitor and log all access to data and network resources.
11. Perform vulnerability scans and penetration tests on your network at least annually.
12. Document Everything! If you don't properly document it, it didn't happen.

​