IFIC unveils updated cybersecurity guide
The Cybersecurity Program Basics guide, released by the International Investment Funds Association (IIFA), has been released across participating jurisdictions of the IIFA Cybersecurity Working Group.
Following an annual survey by the International Organization of Securities Commissions through its Task Force on Cyber Resilience, which found many asset management firms not employing some basic digital security measures, the IIFA guide outlines key steps to establishing a cybersecurity program. These steps include:
- Establishing a framework;
- Conducting security awareness training;
- Having an incident response plan;
- Performing table top exercises;
- Establishing and monitoring normal network activity; and
- Participating in trusted information sharing
“The release of the IIFA’s cybersecurity guide demonstrates a unified commitment to elevating and enhancing cybersecurity practices on a global scale,” IFIC President and CEO Paul Bourque said in a statement.
In line with IIFA’s new guidance, IFIC has released an update to its own cybersecurity guide. Aside from previous recommendations, the new guide highlights the potential benefit of information sharing, either through a government-sponsored website or through a trusted network of peers.
“Information sharing can help identify potential vulnerabilities and threats early, or even before, your firm is impacted,” the guide said.
Also noted in the IFIC guide was Canada’s new federal cyber certification program. Aimed at small- to medium-size enterprises, the voluntary CyberSecure Canada is based on 13 controls outlined in Baseline Cyber Security Controls for Small and Medium Organizations issued by the Canadian Centre for Cyber Security.
The updated handbook from IFIC includes new links to useful documents and websites. Aside from materials from Canadian regulators and international bodies, it features resources such as tools, questionnaires, and reports from other sources concerned with information security and minimizing cyber incidents.
“Rapidly evolving threats have the potential to harm clients, firms and the industry as a whole,” Bourque said. “We believe that having a robust cybersecurity program should be a top priority for firms.”