The Investment Funds Institute of Canada (IFIC) today released an updated version of its Cybersecurity Guide for Canadian firms after the International Investment Funds Association (IIFA) published its Cybersecurity Program Basics, a guide to help enhance cybersecurity programs in investment firms.

The IIFA guide was created in response to an annual survey that found many asset management firms, especially small firms, are not employing basic cybersecurity measures.

Paul Bourque, president and CEO of IFIC, says the new guides are a unified commitment to elevating and enhancing cyber security practices on a global scale. “Rapidly evolving threats have the potential to harm clients, firms and the industry as a whole,” he adds. “We believe that having a robust cybersecurity program should be a top priority for firms.”

The guide recommends six measures, including that firms establish a cybersecurity framework – much like a set of blueprints – that identify the scope of information to be protected, along with standards, guidelines and best practices to manage cybersecurity-related risk.

Next it recommends firms conduct ongoing security awareness training, regular table top exercises, and have an incident response plan that is tested and updated regularly. Finally it recommends firms monitor normal network activity to better understand and identify anomalies that should be investigated, and recommends that firms form informal, information-sharing networks with peers who are facing the same risks. (The updated IFIC guide now includes details about information sharing among trusted peers.) Both documents, available on IFIC’s website, also provide an extensive list of links to resource documents and websites.