Adequate cyber security measures for the financial services industry are law…
Reforms introduced as part of the Hayne Royal Commission mean that a failure to comply with certain AFS licensing obligations – including obligations relating to how cyber risks are addressed – may give rise to a civil penalty. This was precisely the situation a financial services firm found itself in when it was recently prosecuted by ASIC for failing to comply with these obligations. According to Insurance News, its cyber policy was too lax.
For this reason, it is important to ensure your business has adequate risk management systems in place to manage cybersecurity risks; otherwise, you could face prosecution.
Some risks that you and your clients could be exposed to if you don’t have a sufficient risk management strategy in place are:
- Compromise of confidential data
- Fraudulent emails requesting funds to be transferred
- Ransomware
- Unauthorised access to servers.
Below are some examples of how you could minimise this risk:
- Password-protect documents sent via email which contain personal client information;
- Avoid using personal email addresses like Gmail;
- Use passwords for IT devices and implement a password policy;
- Use up-to-date security software including anti-virus;
- Assess software annually for currency and apply patches regularly;
- Have an “acceptable use” policy for staff;
- Back up data regularly, store backups securely, and test them regularly;
- Implement physical security requirements such as locking premises and having a clean desk policy.
If you would like more information on how you can improve your business's cybersecurity position, please reach out to us on (02) 9587 3500, or at theteam@wsib.com.au.