This is the first blog in a series focused on cybersecurity consulting for financial institutions. The financial services industry continues to be one of the most highly regulated industries in the country, and for very good reason, considering the highly sensitive nature of the information that organizations within this industry control. With that in mind, ensuring your financial services company is compliant with the regulations in place is a vital component of success.
To start off with, what is actually considered Financial Services? Financial Services is a broad range of organizations that provide any kind of financial management. This can include credit unions, banks, credit card companies, insurance companies, accountants, consumer finance, stocks and investment companies, and the list goes on. Many of these industries are filled with for-profit companies that have the ability to hire staff who can implement and manage robust cybersecurity programs. Unfortunately, there are some not-for-profit organizations, like many financial institutions, that have to follow many of these same guidelines but don’t have nearly the resources.
There are two very important areas within cybersecurity that financial institutions have to be conscious of:
Gramm-Leach-Bliley Act (GLBA)
Originally published in November of 1999, the GLBA requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive information. It aims to modernize and deregulate the financial sector by removing barriers between different types of financial institutions. This act introduced essential provisions to address the growing concerns within the financial sector.
Federal Financial Institutions Examination Council (FFIEC)
The FFIEC is an interagency body in the United States that consists of several regulatory agencies, including the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Consumer Financial Protection Bureau. The FFIEC is responsible for developing and promoting uniform standards and principles for the examination and supervision of financial institutions.
Many of the standards driving the decisions made within financial institutions come from the GLBA and FFIEC. As stated previously, many financial institutions are restricted by tight budgets, making it incredibly difficult to remain compliant in a constantly changing environment like cybersecurity. This is where having assistance from experts within the cybersecurity industry who specialize in financial institutions can be extremely beneficial, and that is exactly what this series aims to highlight. Through a partnership with a cybersecurity consultant, financial institutions can implement the robust information security program they need for a fraction of the cost it would take to hire full-time staff.
To start off with, the next blog will dive into:
- The Gramm-Leach-Bliley Act (GLBA) and its impact on financial institutions
- The FFIEC and how this governing body guides financial institution decisions
Then we will dive into:
- The difference between a cybersecurity consultant/partner and a managed service provider
- Financial Institutions Risk Assessments
- Security Awareness Training for Financial Institutions
Throughout the course of this series, our goal is to provide educated insights into how financial institutions can utilize cybersecurity consultants to remain compliant. We will dive deep into detail and provide examples to assist with the steps that need to be taken. At any point, if you would like to discuss your company’s needs and goals, please contact the experts at LMS for a free consultation.