Top 5 Critical Cybersecurity Factors in FinServ

October 20, 2021by Smarsh


Monsters lurking, ghosts haunting, cyberattackers plotting; it could only mean one thing. Yes — you guessed it — it’s Cybersecurity Awareness Month.

The month of October is dedicated to the elusive, and oftentimes downright scary, world of cybercrime. Started by the Cybersecurity & Infrastructure Security Agency (CISA) in 2003, Cybersecurity Awareness Month is a chance for the agency to provide organizations of all kinds with resources and guidance to anticipate and enforce critical cybersecurity measures.

This year, it’s needed more than ever. Cyberattacks including ransomware, data breaches, and phishing scams are dominating the headlines. In many cases, these issues could have been proactively avoided. Take, for example, these cybercrime statistics:

Financial services are one of the most highly targeted industries for cyberattacks. If you’ve ever read a cybersecurity horror story and worried that your firm could be at risk of a similar result, you’ve come to the right place. In the spirit of Cybersecurity Awareness Month, we’ve compiled a list of five critical components of a successful cybersecurity program.

1. Device management

According to a Reuters article from earlier this year, the average U.S. household now has 25 connected devices, including smartphones, watches, gaming consoles, and more. The implications for regulated financial services organizations contending with compliance and risk management issues are enormous. Many organizations are still trying to manage how they preserve and monitor emails — never mind wealth managers conducting deals via smart fridge.

But the not-so-temporary-anymore remote and hybrid workplace realities have let the black cat out of the bag — people just can’t be tethered to a single device or application to communicate for work. Many organizations manage this by issuing corporately owned and monitored laptops and phones.

Others have instituted bring-your-own-device (BYOD) policies, under which employees may access company assets and applications from their personal devices. This can threaten a firm’s cybersecurity because there is no centralized control over the security posture of an endpoint such as a personal laptop, tablet or phone. A BYOD user may have applications or malware on their device that give bad actors an access point to company data.

Most employee-owned devices are not appropriately protected. And cybersecurity issues are only becoming more challenging as people lean on video conferencing platforms to meet with clients and collaborate with colleagues — a shift that has also affected the ability for firms to manage communications compliance. Adding cyberattacks to the mix can put financial firms in a vulnerable spot.

2. Network and application security

Updates to network infrastructure, and the need for requisite network security, have gone into overdrive now that companies are supporting remote or hybrid work models. Unfortunately, the abruptness of this shift still has lingering effects. In a recent survey on hybrid workforce security, 21% of organizations surveyed indicated that they’d made only a few changes in network architecture and security, and 44% of respondents had invested more heavily in improving network access, to the detriment of network security.

This has regulatory compliance implications as well. Preserving and monitoring electronic communications is an obligation for financial services organizations like broker-dealers and investment advisors. The ability to meet these requirements with a distributed workforce using any number of communication applications is challenging without scalable, cloud-based compliance solutions.

3. Monitoring

Monitoring for cyber disruptions should be an ongoing, automated process. This is also an area of concern for regulated financial organizations required to develop supervisory procedures for employee communications. Make sure you have outlined your policies and procedures for employee monitoring under regulatory obligations, and that your compliance and cybersecurity monitoring efforts and technology are compatible.

Unfortunately, the calls may be coming from inside the house. Employees may take the opportunity of not having someone watch over their shoulder to act in bad faith. To keep this from happening requires automated controls for monitoring security settings, data leakage and other policy violations.

4. Incident management

Even with the best of intentions, cyberattacks happen. But how well you’re poised to respond will determine your ability to do damage control — for regulators, clients, and your company. The ability to analyze a security interruption and pinpoint the exact vulnerabilities involved is key to avoiding the same issues down the road.

Let’s do a quick assessment. Here are a few questions to help you gauge your firm’s cybersecurity sophistication:

  • Do you have an Incident Response Plan?
  • Do you have a repository or system in place to capture all cybersecurity related incidents?
  • Do you have documented proof of incident remediation?

If you said no, or are unsure of your answer, to any of these questions, you are at a disadvantage when it comes to responding adequately to a cybersecurity incident. Proving to regulators that you’ve remediated the problem will be more difficult as well.

5. Education & awareness

Employee training is one of the most important elements of a solid cybersecurity program in financial services. Security training should keep employees in the know, and always on their toes. Educate staff on critical elements of cybersecurity, and their role in the process, including:

  • Acceptable and prohibited devices
  • Acceptable and prohibited applications
  • How to access protected networks
  • How to apply security updates on all devices
  • Consequences of unauthorized data leakage

Wherever possible, automation can be beneficial to an employee awareness program. Penetration testing, vulnerability scans, user alerts, and authentication & password policies can be configured to help you meet cybersecurity awareness goals.

Automated security and compliance

Don’t be frightened by the current state of cybersecurity — be prepared. Entreda Unify can automate, standardize and streamline the most critical cybersecurity factors, all within a single interface and customized specifically for your firm’s implementation.

For more information on Cybersecurity Awareness Month, visit CISA.org.
