The winter season has officially greeted the East Coast with the first major storm of 2016, Storm Jonas. Jonas produced historic amounts of snow in many East Coast states, setting records for all-time heaviest snowstorm at two prominent New York airports, JFK (30.5 inches) and LaGuardia (27.9 inches). With these unprecedented levels of snow, New York City was forced to halt public transportation and implemented a mandatory restriction on private transportation as well. Jonas proved kind in that the majority of the impact fell on the weekend, but many firms can recall more disruptive storms occurring during regular business hours, leaving many employees feeling stranded. To alleviate the stress incurred during winter storms, we sat down with our own Business Continuity Analyst, Matt Donahue, who creates, writes, and audits hedge funds’ business continuity plans. Matt spoke with us about different BCP scenarios and provided tips to keep your firm operational during the worst of storms.
Rather watch a video? Scroll down or click here to see Matt’s 15-min Q&A on winter weather prep.
Many years ago, business continuity plans were a nice-to-have feature for investment management firms. Only the largest and wealthiest firms employed them. In today's landscape, however, investors and regulators alike expect and demand that firms implement preparedness plans for disasters and cyber-attacks. BCPs, therefore, are no longer optional.
The key to a successful business continuity plan lies in understanding the impact a disaster situation could have on a business and creating policies to respond to any such impact. Here are the five key steps to this plan:
We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not take. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.
Lock your computer and mobile phone(s) when you leave your desk and/or office
Use care when entering passwords in front of others
Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.
It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.
A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying cybersecurity policies and procedures. At Eze Castle, we frequently assist our hedge fund clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.
A new year, which is just around the corner, brings us endless opportunities to improve. So here’s a list of the top 4 IT resolutions that will help keep your hedge fund safe and sound in 2016.
Public cloud tools and free file sharing services are wholly owned and managed by third-party providers. Because infrastructure costs are spread across all users who are employing the service, each individual client is able to operate at a low cost. Public cloud tools are typically larger in scale than private enterprise clouds, which gives users seamless, on-demand scalability.
These factors may seem to support the belief that public clouds and free file sharing services would suffice for a business’s basic infrastructure and file sharing needs. However, upon closer examination, it is clear that there are a number of areas in which these tools fall drastically short of meeting the crucial business needs of investment management firms.
Understanding the lingo of disaster recovery and business continuity planning is essential to ensuring a firm is fully knowledgeable during the planning process and prepared should an incident occur. Here at Eze Castle Integration we are regularly defining key DR terms for our hedge fund clients. Since we fancy ourselves experts on all things hedge fund DR related, we have developed this handy list of common DR definitions.
A component of Disaster Recovery that deals with the restoration of business system software and data, after the operating system environment has been restored or replaced.
A system of planning for, recovering and maintaining both the IT and business environments within an organization regardless of the type of interruption. In addition to the IT infrastructure, it covers people, facilities, workplaces, equipment, business processes, and more.
An often overlooked, but critical component of disaster recovery (DR) solutions is testing. In an interview with HFMWeek, Bob Guilbert touched upon the topic of DR testing. In the discussion, Bob noted that “the best approach that funds can take to ensure an effective disaster recovery system is to test them periodically.” Lisa Smith, a Certified Business Continuity Planner here at Eze Castle, also echoes this advice in her conversations regarding inclement weather business continuity planning.
If regular testing is a critical component of an effective DR solution, why do many firms fail to do so? In working on the Eze Disaster Recovery team for several years, I have heard a variety of reasons from clients as to why this is the case. The most common reasons include:
a lack of time to commit to DR testing;
a lack of understanding as to how to go about testing their solutions;
and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.
In the fast-paced, volatile world of financial services, constantly maintaining normal business operations is crucial – even in the event of an unexpected disaster. Even just a few moments of downtime could be extremely costly, so it is essential that firms implement sound business continuity procedures.
Since we frequently work with our hedge fund and alternative investment clients on developing comprehensive business continuity plans (BCPs), we feel it is important to review and test our own BCP procedures on a regular basis to ensure they will meet our most current business needs in the event of a disaster. To this end, Lisa Smith - one of our certified business continuity professionals - and her team recently conducted a BCP table top exercise with our management team here at Eze Castle. After this successful meeting, we thought it would be valuable to share some insights on the BCP table top exercise process with our readers to spotlight the importance of this activity.