Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Business Continuity Planning

Common Information Security Mistakes (Video)

By Kaleigh Alessandro,
Thursday, November 20th, 2014

As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:

  • Where are you seeing the most deficiencies in cybersecurity preparedness?

  • What goes into an effective Written Information Security Plan?

  • What common mistakes do you find firms are making when it comes to information security safeguards?

Take a look at Lisa's answers!

Categorized under: Security  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Crisis Communications Tips for Business Continuity

By Matt Donahue,
Tuesday, November 18th, 2014

How important is day to day communications within your company/firm? If an incident or disaster occurred today, how would your organization respond? Do you have a team or group designated to develop messages for both internal (employees, vendors, third parties, building management) and external (public, employee families, media) contacts? Have they practiced? When the pressure is on, is your organization prepared if a disaster or event suddenly puts your firm under the microscope with an onslaught of internal/external calls, questions, requests, emails, social media messages or media requests?Communication

Crises and disasters continue to happen across borders and industries. Let’s not forget some of the more recent large scale disasters such as Hurricane Katrina, Typhoon Haiyan, Deepwater Horizon, Fukushima, Hurricane Sandy, and, of course, the ongoing major data breaches, just to name a few. That list doesn’t include more common events that may not make the major news networks such as utility failures, office fires, and systems outages. Smaller events like previously mentioned can cause minimal to significant disruption to business operations. This is why developing and practicing a variety of communications is vital in an organization’s response to an incident.

Some of these events can be predicted in advance, giving an organization time to make decisions, analyze other organization’s responses, consider impacts, and communicate a message or action. Sometimes events are sudden, such as an earthquake or active shooter. These events require immediate actions, decisions, and communications to be made. In either case - an immediate or delayed event - communication is critical to demonstrating proper leadership and providing employees with proper direction, especially if the event is centered specifically on your organization.

Categorized under: Business Continuity Planning  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Communications  Trends We're Seeing 



Hedge Fund Cybersecurity: Preparing Your Defensive Team

By Katie Sloane,
Thursday, November 6th, 2014

When it comes to cybersecurity defenses, this isn’t a fantasy league. The threats are real and growing in sophistication for the hedge fund and alternative investment industry. In today’s blog, we will discuss how to prepare your firm’s defense for external attacks and internal breaches.Hedge Fund Cybersecurity

Cybercrime works like a defensive team that studies their opponents and plays and can make midgame adjustments. The only true way to thwart an incident is to establish a layered security program to safeguard against attacks and vulnerabilities of all kinds. Football teams share a similar composition, as there are defensive tackles and ends, cornerback and safety roles. You need to ensure your infrastructure is highly secure and cannot be penetrated by external attackers or easily manipulated by internal threats. 

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Business Continuity Planning  Software 



Preparing for Ebola: A Review of the Outbreak, its Economic Impact, and Business Continuity Considerations

By Matt Donahue,
Thursday, October 23rd, 2014

This year’s outbreak of Ebola in West Africa is the worst that has ever been recorded. The disease typically occurs in outbreaks in tropical regions of Sub-Saharan Africa. In the short span of a year, the virus, which is affecting Guinea, Sierra Leone, Liberia and Nigeria, has resulted in nearly 3,500 deaths.

In this article, we will look at where this outbreak started and the economic impact it has had both in Africa and internationally. We will also highlight the issues that businesses need to consider as this epidemic continues to expand.

Where Did Ebola Come From?
A report published in the New England Journal of Medicine suggests that Ebola’s Patient Zero (the initial patient of an epidemic) was most likely a 2 year-old boy living in southern Guinea. Unfortunately, the boy became very ill and died on December 6th 2013. Several close relatives died shortly thereafter. After the funerals, some of the attendants became ill. Following established patterns of close contact with the sick, the disease began spreading to other villages, then across the borders into Liberia and Sierra Leone. It wasn’t until March 2014 that the international aid agency MSF (Doctors Without Borders) became aware of the new Ebola outbreak and immediately got involved. In early August, the World Health Organization (WHO) declared “an international public health emergency”. On September 30th, the first case of Ebola was diagnosed within the United States.

At this time, the CDC is making both “best-case scenario” and “worst-case scenario” predictions of the total number of cases expected through January 1st 2015. Unfortunately, the predictions range from 11,000 to well over 1 million cases.

Categorized under: Business Continuity Planning  Trends We're Seeing 



NASAA Cybersecurity Report Recap: Our Favorite Graphics and Findings

By Katie Sloane,
Tuesday, September 30th, 2014

The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of 440 registered investment adviser firms across nine states. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers, how they communicate with clients and what types of policies and procedures they currently maintain. Of those surveyed, 47% have assets under management of less than $25 million, 37% manage more than $25 million and 16% do not manage assets. In today’s post, we will share our favorite graphics and findings from the organization’s survey.   

Client Contact via E-mail and Use of Secure E-mail

NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever.

Hedge fund secure e-mail














 

Categorized under: Security  Business Continuity Planning  Software  Trends We're Seeing  Videos And Infographics 



19 Tips to Prepare for a Power Outage, Part 2: Individuals and Families

By Matt Donahue, Business Continuity Analyst,
Thursday, August 28th, 2014

In Part One of Tips to Prepare Your Investment Firm for a Power Outage, we shared 21 key steps from one of Eze Castle Integration's Business Continuity Experts, Matt Donahue, which can help firms to develop a Business Continuity Plan (BCP).

In Part Two, we discuss measures that individuals and families should take to prepare for a power outage or blackout.

19 Tips to Prepare You and Your Family

During an outage, it pays to have yourself and your family prepared.  Take time and talk to your family about outages and what to do when they happen.  Consider impaired or elderly family members and neighbors that may need assistance during an outage.  Do research on your town's or city's emergency preparedness plans. Learn how they will identify shelters, warming/cooling stations, and announce their opening.

Categorized under: Business Continuity Planning  Disaster Recovery  Hedge Fund Operations  Communications  Software 



21 Tips to Prepare Your Investment Firm for a Power Outage

By Matt Donahue, Business Continuity Analyst,
Tuesday, August 26th, 2014

Extended power outages and blackouts have the potential to impact not only businesses but also our personal lives. Without electrical power, some business functions may cease entirely, resulting in the loss of valuable data and production time.  

With Hurricane Season here and Tropical Storm Cristobal brewing in the Atlantic, we are running a two part series contributed by one of our Business Continuity Experts here at Eze Castle Integration – Matt Donahue.

In today’s article Matt looks at the steps or actions investment firms and other businesses can follow in order to mitigate, prepare, respond, and recover from an extended outage or blackout. Then Thursday’s article will focus on these same topics but for individuals.

Preparing for Power Outage21 Tips to Prepare Your Business

During an outage, investment firms risk data losses, experience logistical issues and experience unfavorable or impossible working conditions. Heavy reliance on technology items, IT systems and software can put businesses in a difficult situation during an outage, especially if they have not pre-planned or completed a Business Continuity Plan (BCP).  Other mitigation activities such as purchasing alternative or back up power sources such as batteries or generators are good ways to ensure power for essential items.

Here are some other helpful steps and precautions investment firms should consider.

Categorized under: Business Continuity Planning  Disaster Recovery  Hedge Fund Operations  Communications  Software 



Assessing Your Firm's Attitude Toward Security: What's Your Type?

By Kaleigh Alessandro,
Thursday, August 21st, 2014

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.Security
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Monetary Authority of Singapore (MAS): Technology Risk Management Guidelines Overview

By Kulvinder Gill,
Tuesday, August 5th, 2014

Monetary Authorirty of SingaporeThe last five years has seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry - but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.

In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.   
 
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.

In today’s blog article we will take a look at some of the key guidelines covered in the guide:

Categorized under: Hedge Fund Regulation  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Business Continuity Planning 



BCP Testing Outside the Conference Room: Hello, Real World

By Matt Donahue,
Tuesday, July 22nd, 2014

Business Continuity StatisticWhen most people envision Business Continuity Planning (BCP) and testing, they conjure up images of conference rooms, hardcopy documents, projectors and key personnel. But the real world is a different reality.

In recent memory, there have been many situations that have disrupted businesses - be it by natural disaster or as a result of human interference. In either event, people need to be able to reestablish essential business functions, communicate, and make decisions as quickly and easily as possible. 

Although many organizations do an annual BCP review, the big question is whether they truly test the process, ease of accessibility, and the time it takes an organization/leadership group to go from unsure about the situation to confidently executing a thoughtful game plan.

What can make a considerable difference in terms of functionality and familiarity with the plans and recovery procedures is to practice -- not only verbally in the conference room setting, but also by taking time to troubleshoot and brainstorm to determine what works and what may need a second look. There is a lot that can be learned from being unplugged and “kicked” out of the conference room and asked to assume a role outside of the comfort zone. This can be done simply by taking away some of the accepted norms during a test. The following scenario illustrates issues that arise when the accepted norms are chipped away.

Categorized under: Business Continuity Planning  Disaster Recovery  Security  Hedge Fund Operations  Communications 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives