Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.
If communicating with your employees, investors, vendors, and partners is important on a daily basis, then ensuring effective communication during a disaster or disruption should be a priority, too. There are many reasons why it may be advantageous for a firm to consider utilizing an Emergency Notification System (ENS) in order to ensure that internal and external parties are kept informed and updated. Traditional calling trees are cumbersome and time consuming, and emails -- especially outside of business hours -- can often be overlooked. Today, notification systems can quickly and effectively send messages using a variety of delivery methods. It’s no wonder many companies large and small are moving to these kinds of systems. However, finding the right system requires some thought and planning. This article will cover some items firms may want to consider when shopping for a notification system.
Does the system require on site hardware or is it hosted online or a hybrid of the two?
On Site: This option is rarely utilized, and it means that hardware/software will have to be added locally to the firm’s infrastructure to sync up with the system. Depending on the current IT set up, firms may want to discuss this option with their IT administrator or provider to ensure it is feasible. This option can be vulnerable if there are local issues affecting the firm’s office because it will most likely also affect the notification system.
In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents before they occur, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.
Take a look at the latest installment of our video series or scroll down to read a brief recap.
If you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.
2015 Technology Priorities
Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:
Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.
Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.
Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.
Yesterday, we hosted a hedge fund launch webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.
Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new hedge fund. Below is a brief summary of her checklist; be sure to read our second article, "Starting a Hedge Fund: Your IT and Cybersecurity Checklist" here.
In our latest webinar, “Understanding Written Information Security Plans," Eze Castle Integration’s resident WISP expert, Lisa Smith, shares insights into the development and maintenance of WISPs, including the basics of what a Written Information Security Plan (WISP) is and the stages that a firm’s WISP goes through. Continue reading for a recap or scroll down to watch the webinar.
What is a WISP?
A WISP is formal documentation of a firm’s plans and systems put in place to protect personal information and company-sensitive data. It includes both administrative and technical safeguards and identifies confidential information, where it is located, how it is protected, and who has access to it. Technical safeguards include an assessment of current policies such as penetration software and encryption and technical policies like password changes and access control.
This article first appeared on Opalesque as part of a four-part series on cybersecurity.
Ruane, Cunniff and Goldfarb, Inc. used to have their own IT infrastructure. Todd Ruoff, Executive Vice President in charge of trading, operations and technology, was responsible for its maintenance. Then he started looking at outsourced providers a couple of years ago, as he wanted a better disaster recovery solution, the equipment was ageing and the firm was planning an office relocation. His firm is now using Eze Castle Integration’s Private Cloud, the ECINet private Internet service and Eze Castle’s Vault backup and recovery service. He tells Opalesque how that works for him.
Ruane, Cunniff and Goldfarb is an investment advisor and broker-dealer in the US, which manages an $8bn mutual fund, a '40 Act company called the Sequoia fund. The firm has around $5bn managed in hedge funds, and another $15bn in separately managed accounts run for HNWIs and institutions.
"As a broker, we need the ability to trade," Todd Ruoff says. "We are a long-term investor who invests in large, concentrated positions, focused on a few securities. It’s important that we have access to real-time market data, which we get from various sources, as well as access to our trading systems for execution and order management. As an advisor, we need to be able to report for our clients, as well as internal portfolio management teams. All of our research is done in-house, through an organic internal process, whereby our analysts work on the subject companies, which are publicly traded equities. We invest primarily in common stocks in the US, Europe and Asia."
Despite the recent strides hedge funds have made to improve cybersecurity policies and safeguards, studies reveal that a less-heralded group is responsible for the majority of successful cyber-attacks. Flying under the radar and opening the malware floodgates with one click of a spoof email are employees ill-informed of cyber threats and potential risks.
Unbeknownst to the employee, upon release of the mouse they have guided hacktivists into their company’s network, exposing business-critical information, financial records and passwords. And that’s just the beginning. The quantity and severity of subsequent damages are limitless, but so is the opportunity for improvement in the firm’s case.
In part two of our webinar series, Cloud Perspectives: How to Impress Investors, Security Pros & CXOs, Steve Schoener and Lisa Smith of Eze Castle Integration shared their expertise with regard to security infrastructure, policies and procedures in the cloud.
Threat Landscape for Hedge Funds
With security breaches and incidents reaching sophisticated levels, Schoener first addressed the evolution of the cybersecurity landscape for investment firms. In the past, hackers were often kids with too much time on their hands looking to create chaos for a period of time. Today, it has evolved into a business for educated hackers, conducting thorough research and drawing readily accessible information from the Internet to target individual firms as a way of making money.
It’s a question that many folks in the financial services industry have been asking for a few years now. Are potential investors comfortable with the idea of hedge funds leveraging cloud services? In Part 1 of our cloud webinar series, The Investor Perspective on Cloud and Security, we asked Ashley Gimbel, Senior Vice President at Dyal Capital Partners, to share her thoughts on evaluating the operational and infrastructure decisions of hedge funds and alternative investment firms and if investors are truly comfortable with the cloud. Click here or scroll down to watch the full replay of our conversation with Gimbel.
The simple answer is ‘yes.’ According to Gimbel, investors are and should be at ease with hedge fund clients using cloud infrastructures to support their daily operations. In fact, she says, hosted infrastructures often make more sense for firms with little to no IT resources in-house.
With a few caveats, of course. Firms should ensure outsourced cloud providers have proper Service Level Agreements (SLAs) in place and are conducting appropriate oversight of their provider(s). A few other technology must-haves:
Well integrated data and systems
Established policies and procedures
Comprehensive disaster recovery