The financial sector has been a leader in the development of cybersecurity programs, but can still benefit from continued guidance as threats increase and shift. Through its work with a large number of firms, FINRA has identified specific areas of improvement for financial companies’ cybersecurity programs. Its recently published 2018 Report on Selected Cybersecurity Practices focuses on branch offices, phishing attacks, insider threats, penetration-testing programs and mobile device controls. The report drew on the most frequently cited cybersecurity findings in its examination program, Covington partner Micaela McMurrough told the Cybersecurity Law Report, and as a result, “many of the risks discussed in the report, and the practices implemented to address them, reflect trends across examined entities.” See also “FINRA Emphasizes the Importance of Proper Electronic Record Storage in Enforcement Actions
” (Jan. 25, 2017); and “FINRA Lays Out Cyber Expectations in Action Against Broker-Dealer”
(Dec. 14, 2016).