We’re in Hurricane Season so let’s look at some best practices to ensure you and your employees are prepared for the unexpected. Remember, these four Eze Tech Tips are great for the next Snowmageddon too.
Business continuity planning. Disaster recovery. BCP. DR. You know the terms. You know investors are looking for them. But do you know what the real differences are between them?
Business Continuity Planning and Disaster Recovery have the same goal: to implement procedures that will enable a business to recover in the event of a disaster or disruption. But each has its own focus. Business Continuity Planning revolves around people. A hedge fund business continuity plan should identify the steps necessary to get operations up and running as it relates to business functions and personnel. BCP plans usually identify mission-critical services, communication strategies, employee recovery procedures and training methods.
Disaster Recovery Planning is directly related to the technology and infrastructure that supports business operations. In developing a disaster recovery strategy, hedge funds typically examine what applications and services they have in production and which ones are mission-critical. File shares, email, accounting and trading applications and voice capabilities are often the first that come to mind, but firms should evaluate which are most essential to them. The two most important factors associated with disaster recovery planning are the recovery point objective (RPO) and the recovery time objective (RTO).
Back on July 8th of this year, the New York Stock Exchange (NYSE) experienced a temporary outage and proactively suspended trading. In many ways, the NYSE acted swiftly and responsibly when it noticed that there was a technical issue with its trading platform. The NYSE realized quickly that traders would not be able to reliably trade and ultimately decided to suspend trading across the market until full functionality could be restored. In total, NYSE trading was suspended for nearly four hours.
Although the overall impact of the downtime was minimal in the grand scheme, had this event impacted the public market data feed which traders and investors use to access critical information on public markets, the impact would have been more severe. Even still, there are some takeaways from this event. A positive: the success of the SEC Regulation NMS implementation. A negative: critique of the initial communications from the NYSE. Let’s examine these a little closer.
A Win for SEC Regulation NMS
The technical issues that caused the NYSE to suspend operations on July 8th occurred as the result of a new software rollout. All open orders at the time were canceled. Most investors were able to continue trading by using one or more of the 11 other exchanges or 40+ dark pools to execute trades. A recent Wall Street Journal article[1] indicated that as of 2005, 80% of the trades conducted across the U.S. stock market were via the NYSE. That figure currently stands at about 20%, in part because of a 2007 regulation commissioned by the SEC called Regulation NMS (national market system). This rule allows orders to be directed to the exchange that quotes the best price. It also reduces transaction fees for investors as a result of increased competition. As a result, traders have redundancy and flexibility if one or more markets experience downtime. Had July’s technical glitch taken place a decade earlier, when the majority of U.S. stock trades were executed on the NYSE, the impact would have been more severe.
As summer officially approaches its halfway point, we at Eze Castle Integration hope that everyone is enjoying the beautiful weather. We also want to take this opportunity to remind folks to be mindful that your firm can still be vulnerable, even when the weather is warm and sunny. With heat and humidity rising, power usage is increased to keep offices cool, leaving firms susceptible to power outages. Additionally, with employee vacations prevalent during the summer and offices less crowded, there are fewer gatekeepers protecting your firm from social engineering threats and hackers. Let’s examine some of these factors a little more closely and offer some business continuity and security tips to keep your firm running at full speed in the summer heat.
Impact of the Heat: Power Outages
You are sitting at your desk and recording sensitive information for one of your clients, when all of a sudden your screen goes black, and the office is completely dark. Your firm has experienced a power outage caused by increased usage during the summer months, and you are not sure if your information and technology are protected.
The months of July, August and September are considered the “blackout season” as major cities use the most power during these months, leaving them susceptible to power outages. According to the Energy Information Administration, electrical power outages, surges and spikes in usage bring about more than $150 billion in annual damages to the U.S. economy.[1]
Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.
If communicating with your employees, investors, vendors, and partners is important on a daily basis, then ensuring effective communication during a disaster or disruption should be a priority, too. There are many reasons why it may be advantageous for a firm to consider utilizing an Emergency Notification System (ENS) in order to ensure that internal and external parties are kept informed and updated. Traditional calling trees are cumbersome and time-consuming, and emails -- especially outside of business hours -- can often be overlooked. Today, notification systems can quickly and effectively send messages using a variety of delivery methods. It’s no wonder many companies large and small are moving to these kinds of systems. However, finding the right system requires some thought and planning. This article will cover some items firms may want to consider when shopping for a notification system.
Does the system require on-site hardware, is it hosted online, or is it a hybrid of the two?
On Site: This option is rarely utilized, and it means that hardware/software will have to be added locally to the firm’s infrastructure to sync up with the system. Depending on the current IT setup, firms may want to discuss this option with their IT administrator or provider to ensure it is feasible. This option can be vulnerable if there are local issues affecting the firm’s office, because those issues will most likely also affect the notification system.
In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents before they occur, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.
Take a look at the latest installment of our video series or scroll down to read a brief recap.
If you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.
2015 Technology Priorities
Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:
Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.
Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.
Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.
Yesterday, we hosted a hedge fund launch webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.
Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new hedge fund. Below is a brief summary of her checklist. Be sure to also read our second article, "Starting a Hedge Fund: Your IT and Cybersecurity Checklist" here.
Recently, the North American Securities Administrators Association (NASAA) implemented new requirements on state-registered advisors regarding firms’ business preparedness plans. Specifically, the rule requires firms to establish, implement, and maintain both a Business Continuity and Succession Plan.
Whether firms have existing plans already in place or are developing plans for the first time, they must ensure plans are in line with the NASAA’s new Model Rule regulations and guidance. Below are the specific areas identified as part of the new rule:
The protection, backup, and recovery of books and records.
Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.