“The Internet has a dark side,” Deputy Treasury Secretary Sarah Bloom Raskin remarked while addressing senior-level banking executives at this year’s Clearing House Annual Conference. Raskin focused her comments on malicious cyber activity, pointing out that weaknesses in the financial sector’s complex, interconnected system attract bad actors like water “drawn to cracks in a foundation.”

While commending the recent adoption of cybersecurity norms by G-20 leaders, Raskin acknowledged that proactive efforts by financial executives are essential to strengthening the country’s financial infrastructure. She then offered a three-part cybersecurity checklist for in-house counsel, compliance officers, security personnel, and others looking to stave off cyber-attacks:

  1. Ensure that cybersecurity is part of the institution’s “genetic code” by embedding cybersecurity processes into governance, control, and risk management systems.
  2. Engage in basic essential security practices such as requiring multi-factor authentication, restricting high-level access to privileged users, and mandating regular patching of software. These and other essential practices can prevent up to 80% of all known incidents.
  3. Be prepared for the worst by creating a response and recovery playbook for serious cyber incidents. The playbook should direct the company’s response when a cyber incident happens: who does what, when, and who reports to whom, as well as guidelines addressing when to involve law enforcement and executive management, and when to inform clients and customers.

With the continuing, if not accelerating, impact of technology on the financial services sector, cybersecurity and resiliency become ever more critical to the well-being of our financial system. Deputy Treasury Secretary Raskin’s “cybersecurity checklist” offers some direction for financial institutions beginning their journey into this “new frontier.”
