Conduct & Ethics for the Board & Senior Management

A poor culture has been at the root of many financial scandals.

For any business, be it in financial services or another industry sector, be it regulated or unregulated, it is essential that the culture of the firm should be clearly understood by Senior Management and the Board and that this should cascade down to all staff in order to influence conduct. For regulated firms, those behaviours should result in the right customer outcomes.

This course discusses the concept of culture, questions what makes a good culture in a firm and poses challenges to Senior Management to show the right cultural and ethical leadership. This will allow all staff to understand what constitutes the right behaviour in specific scenarios and where to go for assistance if they are not sure.

After attending this course, participants will be able to:

• Explain the importance of the right culture in their firm
• Describe the regulator’s views on culture
• Explain how they can show the right cultural and ethical leadership in their firm

• Introduction
  • Why is cybercrime and information security important?
  • Recent news stories relating to cybercrime
  • What does it mean for you?
    
    
• Understanding the risks
  • Myths and realities in relation to cybercrime
  • Anatomy of a cyber attack
    • Who commits cybercrime?
    • Key stages of a cyber attack
      
      
• Managing the risks
  • Why is it important to have robust defences (examples of UK and US regulatory action)
  • Defence strategies
    • Defence in depth
    • Zero trust
    • Key elements of a firm’s defences (e.g. least privilege access, procedures/controls, firewalls, encryption)
      
      
• Malware
  • What is malware?
  • Protecting against malware
    • Anti-virus software
    • Staff vigilance
    • Other protections (e.g. software updates, backups, red flags)
      
      
• Passwords
  • Examples of good and bad passwords
  • Common password attacks
  • How do you create a secure password
  • Multi-factor authentication
  • Practical steps to keep passwords secure
    
    
• Electronic communications
  • Common types of attack
    • Phishing
    • Spear phishing and whaling
    • Smishing
    • Vishing/social engineering
      
      
• Hybrid/remote working
  • Common risks when working outside the office
  • Practical advice in relation to:
    • Safe use of WIFI
    • Video conferencing
    • Other information security risks (e.g. travelling, clear desks, information classification)
      
      
• Assessment (10 questions)