As summer officially approaches its halfway point, we at Eze Castle Integration hope that everyone is enjoying the beautiful weather. We also want to take this opportunity to remind folks to be mindful that your firm can still be vulnerable, even when the weather is warm and sunny. With heat and humidity rising, power usage is increased to keep offices cool, leaving firms susceptible to power outages. Additionally, with employee vacations prevalent during the summer and offices less crowded, there are fewer gatekeepers protecting your firm from social engineering threats and hackers. Let’s examine some of these factors a little more closely and offer some business continuity and security tips to keep your firm running at full speed in the summer heat.
Impact of the Heat: Power Outages
You are sitting at your desk and recording sensitive information for one of your clients, when all of a sudden your screen goes black, and the office is completely dark. Your firm has experienced a power outage caused by increased usage during the summer months, and you are not sure if your information and technology is protected.
The months of July, August and September are considered the “blackout season” as major cities use the most power during these months, leaving them susceptible to power outages. According to the Energy Information Administration, electrical power outages, surges and spikes in usage bring about more than $150 billion in annual damages to the U.S. economy.1
We take our thought leadership efforts seriously around here, and we’re always interested in educating our clients and partners about technology issues that can affect them. We’re also fortunate to be invited to speak frequently on a variety of hedge fund technology topics – most recently, cybersecurity. Our own Managing Director, Vinod Paul, participated in a panel session last month in New York dedicated to this topic.
Featuring speakers from Eze Castle Integration, Citrin Cooperman, Akin Gump, and CFO Consulting Partners, the panel spoke candidly about how the cybersecurity landscape is evolving for financial services firms and how they can begin to comply with recent recommendations from the SEC and FINRA. Following are some highlights from the event. If you’d like to listen to the podcast of the panel, click here.
Many firms question whether they need to do anything to comply with SEC cybersecurity recommendations. The answer is yes. And it’s more than technology firms need to employ.
Cybersecurity governance is a critical component. Who is in charge beyond the IT team? Someone at the firm needs to take accountability for this process and interface with various functions to ensure compliance. Ideally, a Chief Compliance Officer or Chief Information Security Officer should handle.
Hedge fund outsourcing is not a new trend, as buy-side firms have long dispersed the responsibility of many functions to third-party service providers more adept and accomplished at said functions. Technology, for example, is an area where many firms choose to leverage outsourced providers to manage complete or partial infrastructures, support projects or supplement on-site IT staffs. The benefits to outsourcing are numerous, but the true measure of a successful service provider relationship comes when an investment firm’s level of risk in using that provider is low.
Risks are everywhere, particularly in today’s cyber-focused environment. But the risk a hedge fund undertakes when outsourcing a function of its business to a third-party is enormous. Not only is the firm relinquishing control to an outside company, it also takes on the added burden of managing that company, in addition to its own.
It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that third party as a means of protecting your own firm. Successfully managing risk associated with third-party service provider relationships is a full-time job, especially for financial services firms working with dozens of various parties. Here are a few tips to help your firm properly manage third-party service provider risk:
In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information, and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.
The Art of the Phishing Con
Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with aim to acquire sensitive data, such as, login credentials, IT resources or banking information. The message may request the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.
Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.
We take great pride in helping solve our clients' IT needs and highlighting recent success stories. Our client Wexford Capital LP is one such example who selected the Eze Private Cloud platform for its fully managed, enterprise-grade environment. Wexford Capital gravitated away from its on-premise IT infrastructure and towards the Eze Private Cloud for its multifaceted suite of services and measurable benefits, such as, cost optimization and increased business agility.
Dante Domenichelli, Chief Operating Officer at Wexford Capital, said, “Eze Castle Integration delivers the comprehensive services and expert, reliable support we had been searching for in an IT provider. Transitioning to the Eze Private Cloud has enabled seamless business expansion and improved our operational efficiencies while providing assurances of performance and security.
Written by Ledgex Systems, the following article originally appeared in the Canadian Hedgewatch under the title, "2015 Trends: Investor-centric Approaches for Hedge Fund Growth."
Winning Hedge Fund Strategies
In today's competitive market, winning investor assets is no easy feat. Hedge funds must be nimble and meet increasing investor and regulatory demands, while remaining cost efficient and advancing operations. To foster and sustain these relationships, it’s vital that managers and investors reach equilibrium in regards to their interests and expectations.
Achieving this balance is an ongoing challenge; however, it also offers firms opportunities for improvement. The following are suggested focus areas for hedge funds to differentiate themselves from the competition and attract and retain investors.
Bespoke Fund Productization
Managers that strive to enhance offerings consistently to attract principal growth must focus on investors’ needs during product ideation and development. Aside from exceptional client service, investors expect high performance, availability, transparency and seamless integration with client relationship management data. Hedge funds that invest in building bespoke solutions suitable for investor operations will meet expectancies better while increasing efficiencies and reducing the risk of underperformance.
If communicating to your employees, investors, vendors, and partners is important on a daily basis, then ensuring effective communication during a disaster or disruption should be a priority, too. There are many reasons why it may be advantageous for a firm to consider utilizing an Emergency Notification System (ENS) in order to ensure that internal and external parties are kept informed and updated. Traditional calling trees are cumbersome and time consuming, and emails -- especially outside of business hours -- can often be overlooked. Today, notifications systems can quickly and effectively send messages using a variety of delivery methods. It’s no wonder many companies large and small are moving to these kinds of systems. However, finding the right system requires some thought and planning. This article will cover some items firms may want to consider when shopping for a notification system.
Does the system require on site hardware or is it hosted online or a hybrid of the two?
On Site: This option is rarely utilized, and it means that hardware/software will have to be added locally to the firm’s infrastructure to sync up with the system. Depending on the current IT set up, firms may want to discuss this option with their IT administrator or provider to ensure it is feasible. This option can be vulnerable if there are local issues affecting the firm’s office because it will most likely also affect the notification system.
Welcome to the third installment of our SEC Cybersecurity Guidance Update video series. Our third (and last) video covers what the SEC is telling registered investment advisers about having written information policies and procedures. You can watch the first two videos below or HERE and HERE.
In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents before they occur, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.
Take a look at the latest installment of our video series or scroll down to read a brief recap.
Categorized under: Security Launching A Hedge Fund Cloud Computing Disaster Recovery Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing Videos And Infographics