The official definition given in TechTarget’s IT Dictionary reads: “Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access.”
At the heart of authentication is controlling access to ensure individuals only access the information they need. With stories of password compromises becoming more common, it is important to understand the types of authentication factors available and good computing practices.
As part of Information Security Planning, firms should also identify applications, services or websites that require at least one level of authentication (e.g. password protection, PC certificate, or security tokens) as well as any that may require multi-factor authentication.
Following are the three commonly used authentication factors:
In a constantly connected world, the majority of us cannot help but feel reliant on our mobile devices, especially when it comes to battery life percentage.
Whether you’re in the airport, train or just on the go, keeping that effervescent green light out of the red zone becomes a priority, and most will plug into just about anything. With public smartphone chargers on the rise, this resource seems ideal for the battery conscious user. However, prior to plugging in to power up, we suggest proceeding with caution. After all, do you know whose hands that charger was in before?
In today’s market, the pressure from both investors and regulators is at a steady incline. Reporting obligations have grown complex, transparency is in high demand and compliance technology has become a vital component to a firm’s success. With various demands tug-o-warring hedge fund managers in multiple directions, a Client Relationship Management (CRM) platform could be the solution your financial firm has been searching for.
Introducing Ledgex CRM, the revolutionary, stand-alone Client Relationship Management solution launched today by our sister company, Ledgex Systems. Ledgex CRM is ideal for managing and tracking investor communications, sales pipelines, client relationships and capital movements. The highly configurable, centralized platform is tailor-made for hedge funds, family offices and asset allocators.
The new product offers the sophisticated Client Relationship Management capabilities necessary to raise and retain more assets, maintain and grow clients, provide outstanding client service and meet heightened reporting requirements. Out of the box, the web-based solution delivers efficiencies, transparency and flexibility without increasing headcount or costs. By streamlining investor relationship management and capital activity, Ledgex CRM enables managers to optimize their time and focus on fostering relations and growing business.
By now, you’ve no doubt heard about Apple’s latest tech craze: Apple Watch. Revealed during the company’s latest announcement earlier this week, the Apple Watch is expected to revolutionize the mobile world. Available starting April 24, the Apple Watch will appeal to a variety of end users – with prices ranging from $349 (for the aluminum version) to $10,000+ for gold-plated versions.
The Apple Watch will feature many of the same abilities of the iPhone – making/answering phone calls and texts, Internet surfing, and app integration as well as new advanced health monitoring features and Apple Pay. But with a user’s data now on his/her wrist in addition to in his/her pocket, should we be concerned about security?
Let’s start with the good news.
Apple Pay, in and of itself, has been thought out well in terms of security, it seems. Users can opt in to use a PIN number which will need to be entered every time the watch is put on a wrist. So if that watch was stolen, it would be impossible for the thief to make purchases via Apple Pay unless they had a user’s PIN number. According to Apple:
“Even if you lose Apple Watch, your accounts are protected. Because when you set up Apple Pay, you’re required to create a passcode. Each time you take Apple Watch off your wrist, the passcode must be entered to access it. And you can quickly remove your cards on iCloud.com.”
In the last 30 years, how many weather events can you remember? Maybe some recent “super storms” come to mind – Hurricane Sandy (2012), and Winter Storm Juno (2015) are probably at the top of your list. How prepared for these storms was your firm?
A 2007 study by the National Association of Insurance Commissioners (NAIC) found that more than 90% of small businesses interviewed had property/liability coverage, while less than half (48%) of firms with annual revenues of more than $1 million had business interruption insurance.
It may not come as a surprise then that, following disasters such as these, many small businesses (20-40%) are forced to shut down, according to an Institute for Business & Home Safety (IBHS) report. It is important to understand the losses that can affect businesses and prepare accordingly. These losses can include: disruption of critical supplies and inability to move product, utility outages and power failures, employee transportation issues or remote access problems, and connectivity issues, just to name a few.
We recently hit our 500th post here on Hedge IT! To commemorate, we are hosting our annual blog awards! We've gathered the most thought-provoking, popular articles according to our readers and included a few of our personal favorites, as well. We hope you enjoy!
Two months into 2015 and already there have been changes within the financial service industry. From global security breaches, to the demands for increased investor transparency, to start-up funds launching and competing with their enterprise counterparts, the hedge fund landscape is as turbulent as ever. From a hedge fund technology perspective, there are a couple major trends that have started and will definitely continue to play out during the rest of 2015.
Zeroing in on these trends, today we released our new whitepaper aptly titled Four Trends Shaping Hedge Fund Technology. Read on for a sneak peek of the topics covered in the paper and be sure to download the complete paper HERE.
In case you missed it, earlier this week we hosted a webinar during which our resident cybersecurity expert and SVP of Technology, Steve Schoener, answered questions regarding the results of the recent SEC cybersecurity exams and identified the top takeaways with meaning to hedge funds and investment management firms. Here’s a look at our Top 10 Takeaways from the recent exam findings. If video is more your style, you can watch the full webinar replay here.
1. WISPs are well adopted.
A WISP, or Written Information Security Policy, was found to be employed by 93% of broker-dealers and 83% of registered investment advisers. What is typically included in a WISP document? Similar to business continuity plans, WISPs identify scenarios firms need to be aware of from a security perspective as well as preparedness measures to address those scenarios. Both administrative and technical safeguards are identified, giving firms a complete picture of what to protect and the processes in place to do so.
In this Opalesque.TV video interview, Bob Guilbert and Vinod Paul from Eze Castle Integration discuss the cybersecurity landscape of the investment community, specifically the risks facing hedge funds and alternative investment managers in 2015. Both spend the majority of their time educating their client base on internal and external risks, protecting them against the “Activist Hacktivists” looking for any means of entry into funds.
These hackers will spend weeks, months, and sometimes even years trying to get access, most often with the goal of triggering illicit wire transfers out of the fund.
Today, the usual efforts of employees to avoid clicking links or opening files and to follow password protocols aren't enough. Everyone should be aware of new techniques employed by hackers like “spear phishing” and “watering hole” attacks which, with more institutional dollars flowing into hedge funds, will become more frequent. Unless funds have the right Written Information Security Policy (WISP) and processes in place, together with true intrusion detection that monitors what is coming into the firm and what data and information is going out of the firm, they can be at risk of a cybersecurity attack.
This month (February 2015) the Financial Industry Regulatory Authority (FINRA) issued a Report on Cybersecurity Practices to assist firms in responding to the growing threats of cyberattacks. The report centered on seven (7) “key points” as defined by FINRA.
Our team regularly counsels clients on how to address these cybersecurity practices. So in the interest of sharing, here is a high-level snapshot of how Eze Castle Integration addresses the key points in the report.
Key Point 1: A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms’ cybersecurity programs.
Eze Castle Integration has an appointed Chief Information Security Officer and an established Computer Security Incident Response Team (CSIRT). CSIRT members have predefined roles and responsibilities, which can take priority over normal duties. The CSIRT team is overseen by the Chief Information Security Officer (CISO), and comprised of individuals from various groups such as Network Operations, Client Services, Cloud Services, Project Management, and Human Resources.