We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.
Lock your computer and mobile phone(s) when you leave your desk and/or office
Use care when entering passwords in front of others
Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
Welcome back for our monthly Eze Tech Tips Video.
2016 is just around the corner, which means we’re entering resolution time and the hedge fund launch season. So, here’s our list of the top four hedge fund IT mistakes you need to resolve not to make in 2016.
Times have changed. There is little doubt that the hedge fund industry has evolved in recent years with the rise of new regulations, the wide spread adoption of cloud services and deep focus on cybersecurity risks. These changes have affected the way many firms do business on both operational and technology levels.
But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities.
If you’re one of the seemingly few firms who has yet to make the move to the cloud, it could be for a variety of reasons. Perhaps you want to maintain total control of your IT environment. Or maybe you’re waiting for a tech refresh to motivate you. Alternatively, it could be that you just haven’t made the proper case to management for switching to the cloud – and many times the one who really needs convincing is the Chief Financial Officer (CFO).
If you’re the Chief Technology Officer (CTO) or IT Manager, your responsibility is determining the infrastructure choices that are going to best suit operations at your firm. But those priorities may not line up exactly with those of the firm’s CFO. IT doesn’t always have insight into the financial ramifications of an operations decision of this magnitude. Instead they are typically focused on the other benefits including personnel reallocation, workflow efficiencies, etc.
The CFO, on the other hand, is ultimately tasked with ensuring the company’s financial decisions are appropriate, and therefore, it’s often advantageous to at least attempt to speak his/her language when pushing for an IT change.
A new year, which is just around the corner, brings us endless opportunities to improve. So here’s a list of the top 4 IT resolutions that will help keep your hedge fund safe and sound in 2016.
Public cloud tools and free file sharing services are wholly owned and managed by third-party providers. Because infrastructure costs are spread across all users who are employing the service, each individual client is able to operate at a low cost. Public cloud tools are typically larger in scale than private enterprise clouds, which provide users with seamless, on-demand scalability.
These factors may seem to support the belief that public clouds and free file sharing services would suffice for a business’s basic infrastructure and file sharing needs. However, upon closer examination, it is clear that there are a number of areas in which these tools fall drastically short of meeting the crucial business needs of investment management firms.
Our Eze Voice (think financial services grade VoIP) is now available to firms across the United States and United Kingdom. In honor of this global availability, we want to debunk some common myths associated with VoIP for financial services forms.
Voice over IP has come a long way especially in the business world, but many financial services firms still have hesitations about making the switch. Check out these five common myths about Voice over IP.
MYTH 1: Poor Call Quality – Everyone will know I’m on VoIP
Call quality is a key concern and can be impacted by a number of items including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.
When evaluating VoIP services, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.
MYTH 2: VoIP is Unreliable – I’ll Experience Downtime
A natural extension of the call quality concern is the reliability concern. While consumer-grade VoIP services work over the Internet to deliver low cost services, Business-grade VoIP services often use the Internet as a backup and have private IP point-to-point lines for primary connections. If Internet is the primary transit, be sure you are working with a VoIP provider who manages the entire network and has control over traffic prioritization. In most cases you want to ensure voice traffic takes precedent over data or travels on a different network.
People take vacations. Companies don’t.
Hedge funds, just like most financial firms, need staff to run their technology, handle special projects, build (and manage) complex applications and of course execute core business activities. But in many cases it is not realistic or cost-effective to keep everything in-house. Enter outsourced staffing.
Outsourced staffing options for hedge funds abound. So let’s take a look at five common outsourcing practices. If you want to learn about other areas to outsource your hedge fund's technology, read our Manager's Guide to Outsourcing here.
The security threat landscape continues to evolve, and security through obscurity is no longer (and probably never was) an ideal approach to protecting the sensitive data of the hedge fund industry. A 2015 Cyber Security Intelligence Index study by IBM found that over 62 percent of cyber incidents targeted three industries -- Finance, Insurance, and Information and Communications -- highlighting the serious risk cyber intrusions present to financial firms.
The report found that in 55 percent of all cyber attacks in 2014 were carried out by either malicious insiders or inadvertent actors and that unauthorized access triggered nearly twice as many incidents in 2014 compared with 2013. According to the report, “certain types of unauthorized access incidents rocketed to the top, accounting for 37 percent of the total—nearly doubling from 19 percent in 2013. ShellShock and Heartbleed were the game changers here.”
Another example cited was that malicious code and sustained probes together accounted for 40 percent of all the incidents observed. According to IBM, with an ever expanding array of malware from which attackers may choose— including viruses, worms, Trojans, bots, backdoors, spyware and adware—it seems fairly certain that malicious code incidents will continue to wreak havoc for the foreseeable future.”
These examples demonstrate that the risks facing large organizations and smaller firms (read: hedge funds) are just as real. To that end, we regularly team with eSentire to speak with hedge fund CTOs about the security landscape and their managed security technology. Additionally, Eze Castle Integration utilizes eSentire intrusion detection technology within our Eze Private Cloud and to power our Eze Active Threat Protection services.
Feedback on eSentire’s offering and approach is always received positively and the spark for this tech spotlight article.