The World Federation of Exchanges (WFE) has published a set of best practice guidelines for market infrastructures that are designed to engender a staff culture of cybersecurity compliance.
When creating a cyber compliance framework, the best practice guidelines provide that WFE members should consider:
- behavioural incentives. These include focusing on: (i) cybersecurity in the home environment; (ii) bringing hackers into the workplace to demonstrate to staff how easily devices can be compromised; (iii) linking compensation to compliance; (iv) rewards programmes; (v) awareness campaigns; and (vi) the use of ‘gamification’, which in practice means making desired security behaviours fun or competitive;
- cultural incentives. These start with creating a culture of personal responsibility and common sense, relating cyber awareness to personal life, family and home. Other incentives include: (i) making cybersecurity awareness and compliance a key performance indicator; (ii) using language that is simple, jargon-free, creative and graphical; and (iii) story-telling, using analogies and anecdotes to explain complicated concepts; and
- operational support through: (i) training: ensuring training is regular and accessible, particularly for new joiners; training technical staff on cyber awareness, as they are often the first group targeted in cyber-attacks; and implementing a strong password and locked-computer-screen policy to create a sense of personal ownership; (ii) transparency: security policies, disaster recovery plans and post-breach communications plans should be clear and shared with employees, together with a list of approved and restricted websites, services, software and applications; and (iii) technology: developing ‘bring your own device’ guidelines and deploying software tools that launch test phishing emails.
View WFE best practice guidelines for cybersecurity compliance, 18 January 2018