Financial advisers, similar to those who work in emergency management and disaster response, deal with confidential information daily – and it is crucial that the information they use remains private. An article in Investment News covers off questions that any company should ask a potential third party vendor to ensure that they are covered.
- Don’t compromise: Make sure all licensed software has an alerting system for strange behavior (or “indications of compromise”) and that the software meets standards and certifications as provided by The National Institute of Standards and Technology (NIST) Cybersecurity Framework or industry-specific organizations.
- Separate hosting: The article recommends that vendors have “separate host environments across multiple data centers, employ strong encryption and data masking, and can demonstrate that they regularly test and audit against security best practices”.
- Consider physical security: Are the date centers of your vendor secure, with backup generators?
- R&D: How are new products developed, and are the testing sites secure?
Source: https://www.investmentnews.com/article/20190701/FREE/190709991/ask-these-cybersecurity-questions
