- Be very suspicious of email or website links you don’t recognize, and even be cautious of those that look familiar - it is simple for hackers to impersonate people and sites.
- Be very careful with work emails asking for urgent payments, especially if they provide new payment instructions. If you can, call to confirm.
- Turn on 2 Factor Authentication whenever possible. This sends a confirmation email or text when you login to a system, which makes it harder for hackers to break in.
- Turn on auto-updates for your systems and applications. Hackers know many people don’t bother, which means they can easily exploit known software vulnerabilities.
- Backup your critical business files on a separate system or drive, so that if one system is corrupted you still can recover the data you need to run your business.
- Know where your confidential data is stored and use encryption if you can. (Encryption is available on Windows 10 Professional systems, Mac iOS, and Linux).
All NFA regulated firms are required to have a documented Information Systems Security Program (ISSP) that describes their security policies and controls. Per NFA 9070 these should be appropriate for the size and complexity of each business, with core elements including annual security awareness training. If you need assistance developing your ISSP or performing the required annual review of your security program, consider contacting a security consulting firm that specializes in the futures industry. Good security practices can help keep your business safe from hackers - and keep your auditors happy too.
vSEC, LLC is a cyber security consulting company. Our website offers a questionnaire for firms to self-evaluate their security program against the controls identified in NFA 9070. For more information email info@vsecllc.com or visit www.vsecllc.com