Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Business Continuity Planning

BCP Testing Outside the Conference Room: Hello, Real World

By Matt Donahue,
Tuesday, July 22nd, 2014

Business Continuity StatisticWhen most people envision Business Continuity Planning (BCP) and testing, they conjure up images of conference rooms, hardcopy documents, projectors and key personnel. But the real world is a different reality.

In recent memory, there have been many situations that have disrupted businesses - be it by natural disaster or as a result of human interference. In either event, people need to be able to reestablish essential business functions, communicate, and make decisions as quickly and easily as possible. 

Although many organizations do an annual BCP review, the big question is whether they truly test the process, ease of accessibility, and the time it takes an organization/leadership group to go from unsure about the situation to confidently executing a thoughtful game plan.

What can make a considerable difference in terms of functionality and familiarity with the plans and recovery procedures is to practice -- not only verbally in the conference room setting, but also by taking time to troubleshoot and brainstorm to determine what works and what may need a second look. There is a lot that can be learned from being unplugged and “kicked” out of the conference room and asked to assume a role outside of the comfort zone. This can be done simply by taking away some of the accepted norms during a test. The following scenario illustrates issues that arise when the accepted norms are chipped away.

Categorized under: Business Continuity Planning  Disaster Recovery  Security  Hedge Fund Operations  Communications 



IT Security Dos and Don'ts to Live By

By Kaleigh Alessandro,
Tuesday, July 15th, 2014

We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Just today, New York Attorney General Eric Schneiderman released a report stating data breaches across the state more than tripled from 2006 to 2013 and cost businesses more than $1.37 billion last year alone.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients:

DO:

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



Tips for Tackling Your Financial Firm's Cybersecurity To-Do List

By Kaleigh Alessandro,
Thursday, June 26th, 2014

Cybersecurity WhitepaperWe continue to speak with clients and prospects on a regular basis on the topic of cybersecurity, and with the expectation that the SEC will start security exams sometime around September, it’s evident that firms are working diligently to answer the questionnaire and shore up internal practices.
 
To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and investment firms. For your convenience, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

Categorized under: Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Keeping on Top of Cybersecurity: Q&A with Lisa Smith

By Kaleigh Alessandro,
Tuesday, June 17th, 2014

Hedge funds have known for some time the importance of effective cybersecurity, and regulation increasingly enforces this as a requirement. For any practice to be effective, however, there are a number of factors which need to be considered prior to implementation. Eze Castle’s Lisa Smith recently sat down with HFMWeek Magazine to talk about how to meet and understand the new cybersecurity guidelines advised by the SEC. Following is an excerpt of the article.

The SEC's cybersecurity questionnaire sets the framework and best practices for the financial industry. When you consider the type of information that hedge funds are handling on a day-to-day basis, it's really important that they have security controls in place. The questionnaire is a way for the SEC to ensure that hedge funds, private equity and investment management companies are taking security controls seriously and are aware of what's in place for their company.

HFMWeek (HFM): Within the sample SEC cybersecurity request document, questions were divided into five categories. What is the SEC looking for in these categories? 

Lisa Smith (LS): Identification of risk in cybersecurity governance - this involves an analysis of what's in place. So for instance - when I conduct a business assesment I'll focus on what's currently in place versus what should be in place in accordance with the recommendations from the SEC. Anything that is not in place that should be goes into our risk assesssment summary and is categorized as low, medium or high.  It's about ensuring that hedge funds have certain controls and security policies in place to protect their environment and data.

Categorized under: Security  Disaster Recovery  Hedge Fund Due Diligence  Business Continuity Planning 



Exploring the Links between Cybersecurity and Business Continuity

By Lisa Smith,
Thursday, May 22nd, 2014

Cybersecurity is a hot topic these days, so I thought it was important to touch on the importance of including cybersecurity in your firm’s Business Continuity Planning (BCP). Ideally, firms should have two separate plans: a Written Information Security Plan (WISP) and a Business Continuity Plan, keeping in mind there will be some high-level overlap.

Let’s start with the basics, such as access controls and permissions required for accessing data that is considered confidential. Access controls focus on preventing unauthorized use of an application, service, website, etc., to gain access to confidential data. Only specific users will have a business need to access confidential data. During the Business Impact Analysis (BIA) phase of business continuity planning, be sure to identify applications, services or websites that require at least one level of authentication (e.g. password protection, PC certificate, or security tokens).BCP and Cybersecurity

Categorized under: Business Continuity Planning  Security 



BCP Tip: Don't Rely on Luck to Get Your Firm Through a Disaster

By Lisa Smith,
Tuesday, March 18th, 2014

Feeling lucky that your business has never been impacted by a disaster? If so, now is the time to evaluate everything from your call tree to your disaster recovery solutions. Most studies show that up to 40 percent of businesses fail after a disaster. That means that almost half of firms reading this article will not recover if not fully prepared.BCP Emergency Kit

So what do you do to ensure that you will be more than just lucky to successfully recover from a disaster? 

Start with your documentation. What do you have? You should have a current Business Continuity Plan (BCP) and Employee Quick Reference Cards (QRCs).  If you have those two items, be sure to review them and make sure any recent changes to your business have been captured. Once you’ve validated the information is current, it’s time to test the documentation.

Categorized under: Business Continuity Planning  Disaster Recovery 



The Antidote for IT Headaches: Eze Private Cloud (NEW VIDEO!)

By Emma Howie,
Tuesday, February 11th, 2014

Managing technology at a hedge fund can be complex and time consuming, but not when you’re on the Eze Private Cloud. Adding new investment applications is a cinch, IT costs are predictable and security is robust.

Watch our new video to see what it feels like to be on the Eze Private Cloud: 


Categorized under: Cloud Computing  Business Continuity Planning  Disaster Recovery  Videos And Infographics 



How Is Your Firm Mitigating Technology Risk?

By Kaleigh Alessandro,
Thursday, February 6th, 2014

Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.Mitigating Technology Risk
 
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure. 

Categorized under: Outsourcing  Cloud Computing  Disaster Recovery  Security  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing 



Severe Winter Weather - Before, During and After Preparations

By Katharine Washburn,
Tuesday, January 21st, 2014

Preparing for Winter WeatherPlanning is valuable in preparation for any form of event, but is essential in more common situations such as severe winter weather. Depending on where you are located, frequent weather events may not appear dangerous since you have been through them before; but what if this next storm shuts down your power for a week?

Do you know what to do or where to go? Do you have the proper supplies on hand? Weather can be a common disruption that arises quickly and without warning and affects many.

Categorized under: Business Continuity Planning  Disaster Recovery 



Cheers to the New Year! Goals and Resolutions for 2014

By Emma Howie,
Thursday, January 2nd, 2014

New Year, Fresh StartFirst and foremost, Happy New Year everyone!

2014 has officially begun, and as with every New Year, it is important to reflect on the previous year and set goals for the future.  Many of the resolutions that we made last year are still prevalent this year because they are foundational for a hedge fund’s success.  This year we are offering a few more critical recommendations to ensure that your company and IT operations run efficiently and effectively.  

Categorized under: Startup & Relocation  Business Continuity Planning  Cloud Computing  Communications  Disaster Recovery  Security 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives