FSA calls for strengthened access control to prevent insider trading

The Financial Services Authority (FSA) has warned businesses to tighten up their IT security to stamp out the misuse of inside information during public takeovers.

The Financial Services Authority (FSA) has warned businesses to tighten up their IT security to stamp out the misuse of inside information during public takeovers.

The regulatory body reported the findings of a review it began a year ago of the controls of inside information in relation to sales of company shares.

Inside information can lead to huge movements in stocks when companies receive takeover approaches, which can increase the value. This can be very profitable to people undertaking insider trading.

Although the FSA said some companies were limiting the number of officials privy to details of potential takeovers, it concluded that many had not considered the implications of open access IT systems. This in effect enables non official insiders to access restricted information, it said.

“Some firms had not considered IT security issues surrounding the use of Blackberries, laptops and storage media (such as memory sticks),” read the report.

Audit trails left by IT systems were pinpointed as being useful for tracking internal leaks.

The authority also said the wrong people often receive information because that there is a high volume of e-mail traffic related to deals, which are largely sent to group recipients without password protection.

Best practices that the FSA identified included considering IT support as part of the team and encrypting electronic equipment such as mobile phones, Blackberrys and laptops.

The London Stock Exchange has an IT system to identify unusual behaviour and informs the FSA when this happens.

Best practices identified by the FSA

  • Employ "ethical hackers" to check the robustness of IT systems and keep abreast of any new methods of data theft.
  • Perform risk-based security checks on deal rooms to check for any breaches.
  • Password protect individual documents that contain sensitive information.
  • Roll out technology to generate an audit trail of those people who have access to sensitive files, including when they actually access those files.
  • Keep up to date with security updates.
  • Use Virtual Private Networks for staff who need access to business systems when working off-site.

Security software turns its attention from the external threats to the dangers within >>

Four found guilty of insider trading >>

Comment on this article: [email protected]

Read more on IT risk management