Eze Castle Integration Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Hedge Fund Regulation

Cybersecurity for Financial Institutions: NYC Panel Highlights

By Kaleigh Alessandro,
Tuesday, July 28th, 2015

We take our thought leadership efforts seriously around here, and we’re always interested in educating our clients and partners about technology issues that can affect them. We’re also fortunate to be invited to speak frequently on a variety of hedge fund technology topics – most recently, cybersecurity. Our own Managing Director, Vinod Paul, participated in a panel session last month in New York dedicated to this topic.

Featuring speakers from Eze Castle Integration, Citrin Cooperman, Akin Gump, and CFO Consulting Partners, the panel spoke candidly about how the cybersecurity landscape is evolving for financial services firms and how they can begin to comply with recent recommendations from the SEC and FINRA. Following are some highlights from the event. If you’d like to listen to the podcast of the panel, click here.Hedge Fund Cyber Security Panel

  • Many firms question whether they need to do anything to comply with SEC cybersecurity recommendations. The answer is yes. And it’s more than technology firms need to employ.
     

  • Cybersecurity governance is a critical component. Who is in charge beyond the IT team? Someone at the firm needs to take accountability for this process and interface with various functions to ensure compliance. Ideally, a Chief Compliance Officer or Chief Information Security Officer should handle. 

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



How to Comply With the SEC's Cyber Security Guidance

By Estani Laredo ,
Tuesday, July 14th, 2015

Last week, we partnered up with law firm Sadis & Goldberg to host a webinar where we discussed the Securities and Exchange Commission’s (SEC) Division of Investment Management’s latest cybersecurity guidance recommendations and offered firms clear direction on satisfying these new requirements from both a legal and technology perspective. Featured speakers included John Araneo, counsel, and Lance Friedler, partner at Sadis & Goldberg, as well as Eze Castle Integration’s Managing Director Vinod Paul. To watch a full recap of the webinar, click here or scroll downHacker - cyber security prep

Cyber Threats Across the Industry

The cyber threat landscape is changing rapidly, and our speakers shared examples of how developed hackers are targeting all industries, not only financial services. Araneo gave two examples of data breaches from two companies that were recently penalized by the SEC for failure to meet requirements. The first example was from a firm that failed to use strong passwords and allowed access to systems after long periods of computer inactivity, resulting in a penalty and mandatory independent security consulting for two years. The second firm failed to enforce the use of anti-virus software, leading to an unauthorized trade from a customer’s account and resulting in fines totaling over $100,000.
 
Beyond mismanagement of internal cyber controls, phishing and ransomware are other targeted approaches our speakers noted they are seeing across the industry, as hackers are targeting executives by sending fake emails to try to phish sensitive information or attaching files that could infect entire systems. In the case of ransomware, if a user opens an email that is infected, it will lock down files and the only way to recover the files is to buy a key from the hacker. As the sophistication of cyber hackers increases, firms are expected to shore up securities and employ best practices to protect sensitive company information – a goal the SEC is targeting with their most recent cybersecurity guidance recommendations. 

Categorized under: Security  Hedge Fund Regulation 



Understanding Social Engineering: How to Avoid Phishing Attacks

By Katie Sloane,
Tuesday, July 7th, 2015

In the context of information technology, social engineering refers to the act of tricking people into divulging confidential or sensitive business information, and breaking security policies. This form of attack infiltrates companies by targeting their weakest access point, which predominantly is a firm’s employees.Understanding Social Engineering; Spear Phishing, Cyber Security

The Art of the Phishing Con

Let’s examine a popular technique for social engineering known as phishing. In a phishing scheme, the hacker broadly disseminates a fraudulent email with aim to acquire sensitive data, such as, login credentials, IT resources or banking information. The message may request the recipient to submit personal information or to click on a link embedded with malware. Although this approach rarely dupes sophisticated users, a distracted employee could make one mistake and compromise a firm’s entire network.

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Trends We're Seeing 



Why is Cybersecurity Important?

By Katie Sloane,
Thursday, June 25th, 2015

Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.

Categorized under: Security  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Business Continuity Planning  Software  Trends We're Seeing 



Create Information Security Plans, SEC Tells Advisers

By Mary Beth Hamilton,
Thursday, June 11th, 2015

Welcome to the third installment of our SEC Cybersecurity Guidance Update video series. Our third (and last) video covers what the SEC is telling registered investment advisers about having written information policies and procedures. You can watch the first two videos below or HERE and HERE.

 

Categorized under: Hedge Fund Regulation  Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing  Videos And Infographics 



SEC Cybersecurity Risk Update, Part 2: Prevent, Detect, Respond

By Kaleigh Alessandro,
Tuesday, June 9th, 2015

In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents before they occur, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.

Take a look at the latest installment of our video series or scroll down to read a brief recap.


Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



SEC Cyber Risk Guidance Update: Risk Assessment Requirements

By Mary Beth Hamilton,
Thursday, June 4th, 2015

We are excited to release the first in Eze Castle Integration's three part SEC Cybersecurity Guidance Update video series.

In case you missed it, in April 2015 the SEC issued a Guidance Update on Cybersecurity Risks and Expectations for registered investment companies and registered investment advisers. The three point guidance update addresses the need for Cybersecurity Assessments, Strategy and Written Policies plus Procedures.

So to get you up to speed quickly, we’ve created this video series. In this first (90 second) video we cover SEC cybersecurity guidance around conducting periodic risk assessments. Be sure to come back next week for our next two videos. 

.

Categorized under: Hedge Fund Regulation  Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Trends We're Seeing  Videos And Infographics 



Getting Stronger Together: How Hedge Funds and Service Providers Can Tackle Cyber Crime

By Katie Sloane,
Thursday, May 28th, 2015

HFMWeek catches up with Eze Castle Integration’s managing director, Bob Guilbert, to discuss why so many funds are opting for cloud solutions and how the industry can work together to tackle cyber crime.

HFMWeek (HFM): What are the security implications of moving to a cloud sysBob Guilbert Eze Castle Integrationtem?

Bob Guilbert (BG): Firms looking to move to the cloud need to consider which provider is right for them and can service their operational and security needs. A firm needs to consider the security protocols in their office as well as in the cloud and work with someone that covers both sides, including the virtual and physical elements. It’s also vital that firms understand the ‘response and remedy’ services that cloud providers offer, the quality of which can vary hugely between public and private clouds.

Categorized under: Cloud Computing  Security  Hedge Fund Regulation  Trends We're Seeing 



Starting a Hedge Fund: Your IT and Cybersecurity Checklist

By Anna Wendt,
Tuesday, May 26th, 2015

Launch Button; Launching a hedge fund; How to launch a hedge fundIf you missed our 'Starting a Hedge Fund' webinar last week, you missed a lot. Luckily, our webinar replay is available here, and we're now onto Part Two of our recap. If you missed Part One - which focused on the structural and formation basics of starting a new hedge fund - click here. In Part Two, we're recapping what our very own Managing Director Vinod Paul covered, specifically around IT infrastructure decision-making, cybersecurity protections and common technology mistakes.

2015 Technology Priorities

Before looking at the specific technology infrastructure components emerging managers should consider before and during the launch phase, let's first cover some large-scale IT priorities for startups in 2015. We've identified three major priorities:

  1. Selecting the right service providers. Whether it's outsourcing IT, administration or another critical function, it's imperative for startups (and successful hedge funds in general) to conduct proper due diligence and forge partnerships with providers that offer flexibility and accountability.

  2. Understanding your firm's vulnerabilities and exposures. Security, security, security. It's the most critical area of focus for hedge funds in 2015. Firms should understand what risks could affect their businesses and the safeguards in place to mitigate those risks.

  3. Employing an infrastructure your firm can grow with. You're a startup, yes. But you can't afford to act like a startup, at least when it comes to your technology. Selecting an infrastructure platform and provider that can grow with your firm and support you 2, 5, 10 years down the road is critical to your success, and will save you money and headaches in the long run.

Categorized under: Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



A Checklist for Launching a Hedge Fund in 2015

By Anna Wendt,
Thursday, May 21st, 2015

Hedge Fund Launch Checklist; Launching a hedge fundYesterday, we hosted a hedge fund launch webinar called “A Checklist for Starting a Hedge Fund in 2015,” which focused on structure and strategy considerations for hedge fund startups as well as focus areas for your technology infrastructure and cybersecurity systems. Marni Pankin, partner at Marcum LLP, and Vinod Paul, managing director at Eze Castle Integration, shared their expert knowledge on what they consider to be the top priorities for hedge fund startups in 2015.

Pankin started with a checklist of her own, including what an emerging manager should look for when launching a new hedge fund. Below is a brief summary of her checklist and be sure to read our second article, "Starting a Hedge Fund: Your IT and Cybersecurity Checklist" here.

Categorized under: Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts