Cyber Security - How ready are you?
By Carla Hoorweg
On 24 October the FSC hosted Peter Salmon, Senior Director, Operations & Technology, Investment Company Institute out of Washington. The ICI is the equivalent of the FSC over in the US.
With over 17 years at the ICI, and having worked for some very heavy hitters, Peter had a number of important lessons learned over the years to share with his Australian audiences.
The three main takeaways for those lucky enough to hear Peter were:
- Cybersecurity is not a U.S. problem, it’s a global problem;
- Hackers have the same hardware, get the same information updates and have more time on their hands than you and your business;
- We need to re-think how we construct passwords. Rotating through iterations of Password1!, Password2!, Password3! doesn't cut it anymore.
Failing in principle, not in fact
Are you running tabletop exercises for cyber incidents so that you fail at a table and not when it matters? If not, why not convene one very soon and start your planning? Peter says this type of scenario playing can actually make a difference when you’re faced with a real cyber incident… and most of us will be.
How secure are your systems and what devices are your staff and customers using to connect?
What about all the different devices your people and customers connect to you on? How secure are they and how much trouble can they get you into? An audit can help you identify weak access points.
Do your staff have too much system access or permissions that are too high-level?
Have you allowed your staff too much access and the wrong permissions level? It’s safer to give your staff just the access they need to do their job, leave the other stuff to the administrators, and deal with extra access on a case-by-case basis.
Just making a few of these changes can help prepare you, and safeguard you, better.
How easy is it to crack your password?
Did you know your password can be almost unbreakable if you use a leading number and a phrase all in lower case? Whether it’s eight characters or 16, try it next time you have to reset your password.
When you use your name and a 1 and an exclamation mark (yes, people do that), and then change it to a 2, any hacker worth their salt will wait you out and then add the 3 at some point.
Think about that next time you have to update your password.