With October being Cybersecurity Awareness Month, it is an important time to ensure your firm and employees are aware of and using best practices and security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost is continuously rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started, here are just a few pieces of advice we offer our investment firm clients. Remember to inform employees not only of what to do, but also of what not to do.
The new Apple iOS version 10, which was released today, delivers some cool new features, but before jumping in we recommend you review the following upgrade steps.
Here’s why. As with any major update, there can be risks associated with early adoption until issues are uncovered and Apple has the time to debug and fix them. Eze Castle Integration has learned of some significant potential issues including risk of data loss due to incompatibilities with mobile device management (MDM) applications.
So here’s a critical to-do list before starting the iOS 10 upgrade.
FIRST - BACKUP
Back up your device. Always take a backup before updating your device.
1. The best way to do this is via WiFi at night when the device is also plugged into a power source (computer or electrical outlet). iCloud will back up your device on its own if configured correctly and provided you have enough storage. To ensure this is occurring, launch the Settings App -> iCloud -> Backup and see what it says next to “Last Backup:”. If it only states a time, then it means it backed up today and no further action is needed. If it says a date, you can back up the device by clicking “Back Up Now”. (Note: WiFi is required to back up this way). If this fails, you can back up to iTunes (see next bullet) or clients can call ECI’s Help Desk for assistance.
2. Alternatively, you can back up using iTunes. Plug the device into a computer, launch iTunes, right-click on your device and click “Back Up.”
Manually back up passwords. Ensure you know your iCloud passwords, iTunes Store password, email passwords and any other critical passwords. Write them down and test them. Then safely and securely discard that information. As a best practice, there are secure password storage applications available through the App Store.
Copy anything you can’t live without. Back up anything (e.g. photos) that you cannot live without. Do so in a way that you can verify the backup easily. One option is enabling iCloud Photo Library so you can access copies of your photos on all your other iOS devices.
The day that many Apple users wait for every year finally came - the release of the newest Apple products. From the latest iPhone to the all-new AirPods, Apple had a lot to share with us yesterday afternoon. We’ve recapped some highlights below.
Watch Series 2
Unlike the Watch Series 1, the Watch Series 2 now has a built-in GPS and is water resistant. The new processor will now be in the Watch Series 1 and the Watch Series 2, but there will be a $100 price difference between the two models.
The new iPhone 7 introduces a new camera, better performance, longer battery life, stereo speakers, the brightest display yet, and it’s the first water resistant iPhone. iPhone 7 and iPhone 7 Plus are splash, water, and dust resistant and were tested under controlled laboratory conditions with a rating of IP67 under IEC standard 60529. Battery life and charge cycles vary by use and settings, but the iPhone 7 and 7 Plus have been tested to hold a charge up to one (7 Plus) or two (7) hours longer.
Strangely, Apple seemed quite excited to announce the introduction of two new colors - black and jet black.
The biggest change for iPhone users is the elimination of the audio port. Stepping in are AirPods, Apple’s version of wireless headphones. The iPhone 7 will come with traditional EarPods that are connected through the Lightning connector (goodbye, headphone jack!), or you can use an old set of headphones using the provided adapter. AirPods are an additional cost ($159).
On Thursday, August 25, Apple released iOS 9.3.5, the latest version of its iOS and one that should not be ignored. This update addresses multiple security vulnerabilities – namely three iOS flaws that cybercriminals or governments can use to steal confidential messages and eavesdrop using your device’s camera and microphone. It is recommended that all iOS devices be updated immediately.
The Story Behind Uncovering the iOS Exploit
The story behind the discovery of these iOS exploits provides a glimpse into the lucrative world of cyberwar and cybercriminals.
It all started when an internationally recognized human rights defender, Ahmed Mansoor, received two suspicious SMS text messages with hyperlinks. Mansoor identified the messages as questionable and forwarded them to researchers at Citizen Lab and Lookout Security for investigation.
Citizen Lab and Lookout, according to their report, “determined that the links led to a chain of zero-day exploits (“zero-days”) that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.” This spyware, known as a government-exclusive “lawful intercept” product, would have made Mansoor’s phone “a digital spy in his pocket” able to use the iPhone’s camera and microphone to monitor activity near the device. It also would have allowed for recording of his WhatsApp and Viber calls, logging of messages sent in mobile chat apps, and tracking of his movements. Scary stuff.
Phishing at Its ‘Finest’
According to a Lookout Security blog post, "the attack sequence, boiled down, is a classic phishing scheme: Send text message, open web browser, load page, exploit vulnerabilities, install persistent software to gather information. This, however, happens invisibly and silently, such that victims do not know they've been compromised."
If you haven’t already, now might be a good time to check out the Eze Managed Phishing and Training Service (after you update your iPhone of course).
What Did Citizen Lab and Lookout Security Do?
The below information is an excerpt from Eze Castle Integration’s 2016 webinar: The Evolution of Investor IT Due Diligence.
Investors have long been asking questions about firm operations and even technology. But with the way IT has evolved over the last 5-10 years, it’s no wonder investor inquiries have changed in both size and scope. Of course, in addition to technology evolution, we’ve also seen influences on the regulatory side, as the SEC continues to examine and evaluate firms’ security practices, which ties heavily into technology.
In looking back, it’s not unfair to say that 10 years ago, technology was what we’d call a “check the box” category. An investor due diligence questionnaire may have been one or two pages and focused mostly on firm investment history, performance, etc. On the IT side, it may have said “are you using an outsourced IT provider” or even “do you have a disaster recovery system” but beyond that, there was very little inquiry into the types of technologies being used at hedge funds as well as the protections in place to mitigate risk.
Of course, times have changed and now we see investor DDQ documents upwards of 5, 10 or 20 pages in length and asking for great levels of detail about technology, cybersecurity and operations. So let’s talk a little bit more about the influences for this due diligence evolution.
In today's Eze Castle Tech Tip, we're discussing myths about Voice over IP (or hosted voice) services.
It's time for another Tech Tip video! Today, we have five security practices your investment firm should not overlook. Watch and learn!
This article was written by Bob Guilbert, Managing Director, and first appeared in Hedgeweek's 2016 Guide to Setting Up an Alternative Investment Fund in the USA.
You're a new fund manager, and somewhere on your task list the letters "IT" are probably followed by a question mark. Odds are, you don't have a technology background, so as your firm's Chief Operating/Financial/Compliance Officer (or in some cases, Portfolio Manager), the sudden responsibility you've undertaken as your firm's de facto IT Manager is intimidating at best.
The good news is, as a startup, your IT options are pretty clear. In 2016, there's no better technology decision a new firm can make than selecting a cloud platform – an infrastructure that has proven benefits including scalability, flexibility and robust security, among others. And while the thought of hosting IT offsite was once a worry for allocators, today's investors find comfort in knowing hedge fund and alternative investment firms are focusing on their investment priorities and leaving the technology decisions to the experts.
From our perspective, the cloud is now a tried and tested infrastructure environment that is acceptable to the institutional investor community. They have become very thorough in their operational due diligence process, understanding exactly what cloud providers provide from an operational, management and security perspective. This has allowed managers to become much more comfortable at appointing a cloud provider to deliver an infrastructure that will perform well in any type of trading environment.
Where managers need to spend their time is deciding on the best cloud provider to work with, as opposed to thinking about whether or not they should use a cloud provider in the first place.
And how exactly do emerging fund managers embark on that decision-making process?
You’re about to embark on a business trip or drift away with the waves and a margarita or two on an overdue vacation. To let your clients, partners, colleagues, and the like know that you won’t be able to respond to their emails, you create an out-of-office message.
The typical auto-reply includes a brief explanation of why the recipient is out of the office, an approximate date of return and who the sender can alternatively contact. You may also list your chain of command and if you manage multiple departments, perhaps include the names and contact information for each division. Although this may appear innocuous to the untrained eye, those who are well-versed in information security, or simply read the latest cybersecurity headlines, would immediately cringe at the various red flags.
Let’s examine the probable scenarios that could transpire upon the auto-reply’s launch.
Physical Security Threat
Auto-replies that disclose travel details pose a physical threat as they provide criminals or intruders with the recipient’s whereabouts. Regardless of whether location is provided, one can link travel dates to a popular industry trade show. Criminals may gather this information from other resources, such as a company’s posts and images shared across social networks (e.g. Twitter, Facebook).
On Monday, March 21st at its California headquarters, Apple unveiled a new iPhone and iPad, as well as announced improvements to current products. Fittingly, CEO Tim Cook also discussed security at length – not shying away from concerns resulting from the current fight with the FBI. “We believe strongly that we have a responsibility to help you protect your data and protect your privacy. We owe it to our customers, and we owe it to our country,” he said. The key takeaways from the event are summarized below.
The 4-inch iPhone SE
The new iPhone was introduced as having all the power of the iPhone 6s, but with the aesthetic of the iPhone 5. The reason, said Apple VP Greg Joswiak, is simple: “For some people, they simply love smaller phones.” With a $399 price point, analysts believe that the new phone is Apple’s attempt to penetrate the fastest-growing markets of India and China, specifically “prepaid consumers who cannot afford, or are not familiar with, bigger screen smartphones,” said Neil Mawston, an analyst at Strategy Analytics.
The iPhone SE promises an A9 processor with faster LTE and Wi-Fi speeds, better battery life, 4K and 240 fps slow-mo video recording, live photo support, and Apple Pay. The 16GB model, as well as a 64GB model for $499, go up for pre-order on March 24, 2016, with the first units shipping March 31, 2016.
9.7 inch iPad Pro
The “baby brother” to the 12.9 inch screen iPad Pro that some consumers deemed too large, the new 9.7 inch model is roughly the same size as the iPad Air 2 but with features like Apple Pencil, Apple’s Smart Keyboard, a 12 MP rear camera with 4K video recording and live photo support, and a 5 MP front-facing camera. In addition, the screen of the new iPad Pro will be 40% less reflective than that of the iPad Air 2, but will be 25% brighter.
A feature called “True Tone” will benefit designers by constantly checking the lighting of the room and adjusting accordingly for color accuracy. Three models will be available for pre-order March 24, 2016: the 32GB for $599, 12GB for $749, and 256GB for $899.