If your firm hasn’t had to cope with the aftermath of a security breach, you’re probably one of the lucky ones. According to an analysis conducted by Ponemon Institute and Symantec in 2013, human errors and system glitches caused nearly two-thirds of data breaches globally in 2012.
With the threat of security incidents at an all-time high, we want to ensure our clients and partners have a system in place to cope with any threats that may arise. Here is a step-by-step guide to follow in the event your firm suffers a security breach.
1. Establish an Incident Response Team.
Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may, in some cases, take precedence over normal duties. The IRT can draw its members from a variety of departments, including Information Technology, Compliance and Human Resources.
2. Identify the type and extent of incident.
Before your IRT can alleviate any incidents, it must clearly assess the damage to determine the appropriate response. For example, if the incident is a computer virus that can be quickly and efficiently detected and removed (and no internal or external parties will be affected), the proper response may be to document the incident and keep it on file. This task could effectively be handled by the IT department.
If, however, an incident occurs that affects multiple clients/investors/etc., the incident should be escalated to the IRT.
3. Escalate incidents as necessary.
Certain departments may be notified of select incidents, including the IT team and/or the client service team. These parties should use their discretion in escalating incidents to the IRT. Any event suspected to be the result of sabotage or a targeted attack should be immediately escalated.
4. Notify affected parties and outside organizations.
One member of the IRT should be responsible for managing communication to affected parties. Depending on the severity of the incident, the IRT member will act as the liaison between the organization and law enforcement.
5. Gather evidence.
When appropriate and necessary, the IRT is responsible for identifying and gathering both physical and electronic evidence as part of the investigation.
6. Mitigate risk and exposure.
A technical member of the IRT should be responsible for monitoring the situation and ensuring any effects or damage created as a result of the incident are appropriately repaired and measures are taken to minimize future occurrences. The IRT will also need to define any necessary penalties as a result of the incident.
Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute & Symantec