Financial institutions are often primary targets of cyber-attacks due to the sensitive data they store and the volume of high-value transactions executed daily, making it essential for firms to set up security frameworks to safeguard their environment. While it's clear that no one solution makes your environment bulletproof, there are several practices that help combat online attacks. This article highlights several approaches you can deploy today to significantly improve the security of your environment.

Have a Password Policy In Place

People naturally go for simple passwords that are easy to remember. However, this comes with the risk of predictability. Businesses should ensure there’s a password policy in place that requires employees to use complex passwords composed of letters, numbers, special characters, and capitalization. Passwords should be a minimum of 14 characters long and automatically expire every 6 months.

Lock Unattended Workstations

Leaving a workstation unattended even for a few minutes is a risk. It gives an unauthorized person an opportunity to easily access sensitive data or infect the PC with malicious software. All workstations should be locked when not in use. Educate your staff, and also set up automatic locking after a few minutes of inactivity across your network PCs.

Identity Verification Before Access

Users are usually required to input passwords to access their accounts. However, with the current security challenges, you can go further and implement other verification procedures like “two-step verification.” This will not be feasible for every application suite; however, consider this option for your most valuable proprietary applications.

Educate Your Employees

Even if you are cyber security-sensitive, your organization is still at risk if your employees slack. Train employees to raise their awareness of possible cybersecurity risks. They use the systems and will be able to provide valuable insights into security gaps. Also structure a training program that is delivered all year round to keep your employees informed of new threats and best practices.

Restrict Access and Define Privileges

Incorporate strict control measures and define who can access specific systems and at what level. Access should be granted at different levels for different teams, roles and functions. Use read-only access whenever possible, and restrict views and write access to specific functions and admin accounts. Access privileges should be reviewed periodically, and there should be a policy that revokes access for company leavers.

Scan and Review Email Attachments

One common way hackers infect PCs is by sending email links containing malicious code. Once a person clicks the link, the code runs secretly in the system. This can sometimes give hackers entry to computer servers and any stored sensitive information. It’s essential to only click on links from trusted sources. All email attachments should also be automatically scanned by anti-virus software.


Phishing is a common form of online theft where the cybercriminal pretends to be someone else to trick a user into providing sensitive information. This is usually done via email; fund managers and their assistants are usually targets. Educate your staff about phishing and the need to always perform further verification before releasing any sensitive information to external parties. Send simulated phishing emails around the firm to keep employees on their toes. It’s a good way to reinforce security standards!

Update Software and Keep All Systems Updated

Hackers look for loopholes to access your systems, and running out-of-date software is a risk. Ensure all your software is up to date and only use secure premium software that offers encryption.

Invest In a Cyber Security Program

If you are inexperienced in cyber security, it's imperative that you invest in a cybersecurity program. You should hire experienced specialists internally or reach out to a cybersecurity consultancy that can help you develop a unique security framework for your firm.

In conclusion, cyber-attacks are a major priority for sell-side and buy-side firms. Implementing just a few of these safety measures will help mitigate risk and further strengthen your systems against cyber-attacks.