Sometimes it is the little things that we don’t think about when looking at cybersecurity. For example, require that all employees change the password on their computers at least every 90 days. The password should be a strong password and unique to that access (a strong password is at least 8 characters in length and includes upper/lower case letters, numbers and symbols if possible). Some firms that have failed to require this have been sanctioned by the SEC.
Include a task reminder for each employee in the firm’s CRM. They then have to change the password and confirm it via the CRM thereby documenting the change.