“The Internet has a dark side,” Deputy Treasury Secretary Sarah Bloom Raskin remarked while addressing senior-level banking executives at this year’s Clearing House Annual Conference. Raskin focused her comments on malicious cyber activity, pointing out that weaknesses in the financial sector’s complex interconnected system attract bad actors like water “drawn to cracks in a foundation.”

While commending the recent adoption of cybersecurity norms by G-20 leaders, Raskin acknowledged that proactive efforts by financial executives are essential to strengthening the country’s financial infrastructure. She then offered a three-part cybersecurity checklist for in-house counsel, compliance officers, security personnel, and others looking to stave off cyber-attacks:

  1. Ensure that cybersecurity is part of the institution’s “genetic code” by embedding cybersecurity processes into governance, control, and risk management systems.
  2. Engage in basic essential security practices such as requiring multi-factor authentication, restricting high-level access to privileged users, and mandating regular patching of software. These and other essential practices can prevent up to 80% of all known incidents.
  3. Be prepared for the worst by creating a response and recovery playbook for serious cyber incidents. The playbook should direct the company’s response when a cyber-incident happens: who does what, when, and reports to whom, as well as guidelines addressing when to involve law enforcement and executive management, and when to inform clients and customers.

With the continuing if not accelerating impact of technology on the financial services sector, cybersecurity and resiliency become ever more critical to the well-being of our financial system. Treasury Secretary Raskin’s “cybersecurity checklist” offers some direction for financial institutions beginning their journey into this “new frontier.”

Treasury Secretary Raskin’s biography is available here.

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.

Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.

Scott M. Baird is an associate in the firm’s Business Transactions and Finance Groups, where his practice involves all aspects of corporate and securities law, including corporate governance, mergers and acquisitions, private equity and venture capital transactions, joint ventures, finance transactions, and securities law and compliance. He focuses on new legislation as well as regulatory and compliance matters involving financial service institutions. Read his full rc.com bio.