Updated: Apr 29, 2020
Public Service Announcement [PSA] - I have recently welcomed Shannon Eastman to the Aquest podcast as a standing co-host with me from here on in.
She will be bringing a dynamic to our conversations that invites us to explore the human behaviour aspects of our Regulated Financial Services topics.
This episode with Sam Glynn was fascinating.
The conversation took us to topics such as: the risks from working from home, sextortion, what the CBI might think of lightning-speed actions before we double-check the lightning speed, and all that before we then document the lightning-speed efforts.
If you don't know Sam, he is well worth the connection. Sam is founder of Code in Motion, an IT Advisory helping regulated firms go from unsure to secure.
He typically works with CFOs and COOs who are accountable for IT even though IT is not their primary area of expertise.
They are under pressure to deliver secure, flexible, modern IT capabilities while ensuring alignment to:
The risk tolerance of the firm
The needs of Risk & Compliance teams, CEO, and Board
The expectations of regulators
And if you are keen to access that 12 step roadmap Sam mentioned in the podcast - you can do that over here.
Cybersecurity has been a recurring issue for many regulated firms, and a concern of the Central Bank, even before Covid-19 hit our shores.
In this Cybersecurity episode, we discuss the possible risks that may have been introduced when firms had to move fast and provide working-from-home capabilities, in response to the measures imposed as a result of Covid-19.
We are joined by our standing co-host, Shannon Eastman, and by Code in Motion's Sam Glynn, an IT advisor to regulated firms who helps CFOs and COOs go from unsure to secure.
We discuss how new and smaller firms may have been ready to work remotely, but how older, risk-averse, and bigger organisations may not be prepared for such a setup given their more traditional approach of securing everything in a secure location.
Depending on the size of their employee base and the complexity of their IT systems, we also discuss other factors to consider, including:
How firms struggled to quickly provision laptops to all employees as part of their response
How many may have been forced to enable staff to access corporate systems and data from non-corporate devices – e.g. email from personal phones
The 3 states a firm can be in when thinking about cybersecurity – Hopeful, Comfortable, Provable
The 3 phases a firm has to go through in their business continuity response, and the importance of doing the third phase
How a firm should focus on what has changed in their IT setup as a result of their Covid-19 response, and ensure new risks are identified, monitored, managed and mitigated