Nine cybersecurity best practices for your firm

1. Authenticate client asset transfer requests.

This is a growing area of fraud, especially elder fraud. Evaluate and authenticate every single asset transfer request, no matter how urgent it seems. Some firms use FaceTime to authenticate requests because visual identification of the account holder is valuable.

2. Be wary of email risks.

Email can be the single greatest threat. Virtually every cybersecurity incident comes by way of email, and every person at a firm must be suspicious of every single email coming in.

3. Know the most common cyberthreats.

These include phishing, malicious links, social engineering, email spoofing, email account takeover, and malware.

4. Take advantage of outside resources.

If you have cybersecurity insurance, ask your carrier for help with a cybersecurity assessment. Also ask about conducting a drill or mock attack.

5. Make your passwords long and unique.

Try to make your passwords at least 15 characters in length, make them a phrase, and make them unique. Cracking one client's or employee's password often opens the door for cyber-criminals to crack a multitude of accounts. The best practice is to use two-factor (dual) authentication whenever it is available. Long-standing, reputable password managers are another option to consider.

6. Never use public Wi-Fi for company business.

7. Host or participate in shredding parties.

These are great client events at which you can teach important lessons about cybersecurity. Have clients bring in paper records that they want to destroy. Local offices of the Federal Bureau of Investigation often take part in such events.

8. Conduct business only on company-owned devices.

Every device your employees use at work should be company owned and used exclusively for business. Absent that, employees’ devices used for business should be added to the firm’s protective systems and procedures. Many firms don’t allow employees who use their own devices to communicate with the firm remotely.

9. Employ website filters.

Use website filters at the firewall or router level. Firms can filter by category (such as gaming, social media, or personal email) and can set up a guest network for their employees' and visitors' personal email. Firms should also regularly wipe employees' mobile devices clean of company information. Visit the Cybersecurity Resource Center at for insights, tools, and resources to strengthen your firm's cybersecurity program.