Cybersecurity and Firewalls

Why Your Firm’s Firewall Won’t Protect You Against Cyber Attacks

By Troy Newman

In April, the U.S. Securities and Exchange Commission published a memo on cybersecurity risks and governance that should serve as a critical resource, and a warning, for financial services and money management firms.

The reason? If you look closely at the SEC memo, you may find that your firm is unknowingly failing to meet SEC guidelines and regulations on cybersecurity.

Believe it or not, more financial firms fall into that category than you might think, often because of the misconception that the firewall set up by an Internet service provider (Comcast, AT&T, etc.) provides sufficient cyber protection.

Unfortunately, that is typically not the case. Your ISP's modem may well include a built-in firewall, but a basic, unmanaged ISP-supplied firewall will not stand up to SEC scrutiny and is unlikely to provide meaningful protection.

The seven-page SEC document outlines the steps financial firms are expected to take to protect their networks and their clients' information. If your firm's firewall does not meet those standards, it could be exposing your clients to unnecessary risk.

The Difference Between a Firewall and a Managed Firewall

A capable attacker will have little trouble getting past the very basic protection an ISP-supplied firewall provides.

That is because those devices are generally not equipped to do any real traffic inspection or analysis. They are designed to perform network address translation (NAT) and rudimentary port filtering, not to examine what passes through them. Just as problematic, the protection they provide is unlikely to satisfy a security audit.

A proper managed firewall, on the other hand, inspects every packet, logs and tracks traffic patterns, blocks known malware and virus signatures, and promptly alerts you to an attempted network attack. Just as important, it gives you the ability to monitor traffic in and out of your network, which is a key expectation in the SEC's cybersecurity guidance.

Why does that matter? A robust, managed firewall gives you the inspection, logging and alerting the SEC expects to see, and it is a necessary part of protecting your customers' information. It is one control among several, though, so treat it as the foundation of your cybersecurity program rather than the whole of it.

How to Tell if Your Firm is Really Protected

There are two questions to ask when assessing your network's level of security:


  1. Do we have dedicated hardware to protect our network?
  2. Is someone constantly monitoring our network to evaluate traffic?

The right firewall should provide real network protection rather than act as a very basic filtering device. To be truly effective, it must have a management interface that displays traffic flow and lets you filter and deny specific types of traffic.
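What "seeing what is coming in and going out" looks like in practice, for both the managed-firewall description above and the management-interface requirement just stated, as an added example that is not part of the original article: the script below reads firewall log lines in the format iptables/nftables LOG rules emit, produces the inbound/outbound view a management console would show, and raises the two alerts a managed firewall is expected to produce: one external source probing many ports, and an internal host opening an outbound connection outside the egress policy. The log lines are constructed, the FW-IN-*/FW-OUT-* log prefixes and the egress allow-list are assumed policy choices, and all addresses are RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample log; these are not lines from any real firewall. The format
# mirrors what iptables/nftables "LOG" rules emit, and the "FW-IN-*"/"FW-OUT-*"
# prefixes are assumed to have been set on our own rules.
SAMPLE_LOG = """\
Apr 12 10:01:02 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44123 DPT=22 SYN
Apr 12 10:01:02 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44124 DPT=23 SYN
Apr 12 10:01:03 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44125 DPT=25 SYN
Apr 12 10:01:03 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44126 DPT=80 SYN
Apr 12 10:01:03 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44127 DPT=443 SYN
Apr 12 10:01:04 fw kernel: FW-IN-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=44128 DPT=3389 SYN
Apr 12 10:02:10 fw kernel: FW-IN-ACCEPT IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=443 SYN
Apr 12 10:02:11 fw kernel: FW-OUT-ACCEPT IN= OUT=eth0 SRC=10.0.0.15 DST=192.0.2.80 PROTO=TCP SPT=49152 DPT=443 SYN
Apr 12 10:02:12 fw kernel: FW-OUT-ACCEPT IN= OUT=eth0 SRC=10.0.0.15 DST=192.0.2.53 PROTO=UDP SPT=49153 DPT=53
Apr 12 10:02:30 fw kernel: FW-OUT-ACCEPT IN= OUT=eth0 SRC=10.0.0.22 DST=203.0.113.99 PROTO=TCP SPT=49200 DPT=4444 SYN
"""

# The fields of a LOG line needed for visibility and alerting.
LINE_RE = re.compile(
    r"(?P<prefix>FW-[A-Z]+-(?P<verdict>ACCEPT|DROP))\s+"
    r"IN=(?P<in>\S*)\s+OUT=(?P<out>\S*)\s+"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+)"
    r"(?:\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)

# Assumed egress policy: internal hosts may only initiate DNS, HTTP and HTTPS.
ALLOWED_EGRESS_PORTS = {53, 80, 443}


def parse_log(text):
    """Turn raw LOG lines into dicts; lines that are not firewall logs are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        events.append({
            # An inbound packet arrives on an interface (IN=...); outbound has only OUT=.
            "direction": "inbound" if m.group("in") else "outbound",
            "verdict": m.group("verdict").lower(),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "proto": m.group("proto"),
            "dpt": int(m.group("dpt")) if m.group("dpt") else None,
        })
    return events


def traffic_summary(events):
    """The 'what is coming in and going out' view the article asks for."""
    summary = {"inbound": 0, "outbound": 0, "accepted": 0, "dropped": 0}
    for ev in events:
        summary[ev["direction"]] += 1
        summary["accepted" if ev["verdict"] == "accept" else "dropped"] += 1
    return summary


def detect_port_scans(events, threshold=5):
    """One external source probing many distinct ports is the classic attack
    attempt a managed firewall should alert on. Returns {src: sorted ports}."""
    ports_by_src = defaultdict(set)
    for ev in events:
        if ev["direction"] == "inbound" and ev["verdict"] == "drop" and ev["dpt"] is not None:
            ports_by_src[ev["src"]].add(ev["dpt"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= threshold}


def detect_unexpected_egress(events, allowed=ALLOWED_EGRESS_PORTS):
    """Outbound connections outside the egress allow-list. A NAT-only ISP box
    lets these out silently; a managed firewall should deny and log them."""
    return [
        (ev["src"], ev["dst"], ev["proto"], ev["dpt"])
        for ev in events
        if ev["direction"] == "outbound" and ev["dpt"] not in allowed
    ]


def alerts(text):
    """Human-readable alerts of the kind a monitoring console would surface."""
    events = parse_log(text)
    out = [f"port scan from {src}: ports {ports}"
           for src, ports in detect_port_scans(events).items()]
    out += [f"unexpected egress {src} -> {dst}:{dpt}/{proto}"
            for src, dst, proto, dpt in detect_unexpected_egress(events)]
    return out


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(traffic_summary(evs))
    for a in alerts(SAMPLE_LOG):
        print("ALERT:", a)
```

On the sample, the summary shows seven inbound and three outbound packets, the scanner 203.0.113.5 is reported for probing six ports, and the connection from 10.0.0.22 to port 4444 is flagged. The point of the egress check is the one the article makes: an ISP box doing only NAT would have passed that connection with no record of it, while a firewall that logs and filters in both directions both blocks it and tells you it happened.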

Ultimately, you can't manage what you can't see. So while you may think you're protected by a strong firewall, if you can't see what's happening, what's coming in and what's going out, you can't really be sure that you're protected. And in that case, your firm may not comply with SEC regulations, and you could be putting your customers, clients, and business in jeopardy.