On 28 October 2020, the European Fund and Asset Management Association (EFAMA) published updates to the ‘IIFA Cybersecurity Program Basics’, a document that lays out the key cyber-prevention standards for investment management companies.

The commonly shared principles that firms should apply in order to minimize the likelihood of cyber incidents were originally launched last year. These six principles are recommended to any firm looking to adopt cyber-hygiene standards or improve its existing ones:

  • Establish an overarching cyber-security framework.
  • Conduct cyber-risk awareness trainings with company staff.
  • Have an incident response plan.
  • Conduct tabletop exercises to “test” that response plan.
  • Establish and monitor normal network activity.
  • Participate in trusted information sharing networks.

In light of the concerns raised by the COVID-19 pandemic, the IIFA’s Cybersecurity Working Committee has produced the following updates to the above core principles in the form of best practices:

  • Business continuity planning.
  • Information technology controls.
  • Inventory and control of software & hardware.
  • Principle of least privilege.
  • Work from home considerations.
  • Secure configuration.