With threats of data loss increasing in both numbers and severity, it is no surprise that data security is on everyone’s mind within the financial and investment industry. Regulatory agencies and investors now expect businesses to have backup solutions and comprehensive record-keeping practices. Understanding the need and importance of implementing a backup solution can add instrumental value to your business.
We at Eze Castle Integration have identified the top four reasons why backups are critical not only to a firm’s growth, but also to its survival.
1. Regulatory agencies demand security of financial records.
The Securities and Exchange Commission (SEC) has instituted regulations on the storage of financial records and electronic communication, and financial industry regulatory agencies such as FINRA now provide standards and guidance information on potential threats. In addition, international regulators such as the FCA, a financial regulatory body in the United Kingdom, are also demanding that firms have a data backup solution.
The reasoning behind these recommendations is the number of things that can go wrong with your data storage solution. From hardware failure, software corruption, and virus or network security breaches to natural disasters and human error, the threats to your data are endless. With today’s financial services companies managing exponentially growing volumes of sensitive data, the risk of loss grows as well.
On December 9, 2015, Wells Fargo Prime Services and Eze Castle Integration hosted a panel on cybersecurity to discuss the current landscape. The panel featured leading industry experts including:
Eldon Sprickerhoff, Founder & Chief Security Strategist, eSentire
Stuart Levi, Partner, New York, Skadden, Arps, Slate, Meagher & Flom LLP
Vinod Paul, Managing Director, Eze Castle Integration
Timothy O’Brien, Supervisory Special Agent, Cyber branch, Federal Bureau of Investigation – New York Office
Marc P. Berger, Partner, Government Enforcement, Ropes & Gray LLP
Marc Berger’s opening statements emphasized the extent of the cybersecurity threat currently facing firms across a wide swath of industries. He quoted FBI Director James Comey, who stated: “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked ….” (FBI Director James B. Comey, 60 Minutes, CBS TV Interview, October 5, 2014). Alarming statistics from the Ponemon Institute’s 2015 Cost of Cyber Crime Study, conducted with HP Enterprise Security, found that the average cost to resolve a single cybersecurity incident is $1.9M, and the average time to resolve is 46 days. Perpetrators range from nation-state-sponsored hackers and disgruntled/rogue employees to organized crime units, activists, and other thieves.
We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not take. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.
Lock your computer and mobile phone(s) when you leave your desk and/or office
Use care when entering passwords in front of others
Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
Times have changed. There is little doubt that the hedge fund industry has evolved in recent years with the rise of new regulations, the widespread adoption of cloud services and a deep focus on cybersecurity risks. These changes have affected the way many firms do business on both operational and technology levels.
But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities.
To quote our latest Tech Tips video, "when things are good, they’re good. But when things turn bad, it could be downright scary," so here is our latest video that covers four signs you may be outgrowing your IT service provider.
Our Eze Voice (think financial services grade VoIP) is now available to firms across the United States and United Kingdom. In honor of this global availability, we want to debunk some common myths associated with VoIP for financial services firms.
Voice over IP has come a long way, especially in the business world, but many financial services firms still have hesitations about making the switch. Check out these five common myths about Voice over IP.
MYTH 1: Poor Call Quality – Everyone will know I’m on VoIP
Call quality is a key concern and can be impacted by a number of items including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.
When evaluating VoIP services, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.
MYTH 2: VoIP is Unreliable – I’ll Experience Downtime
A natural extension of the call quality concern is the reliability concern. While consumer-grade VoIP services work over the Internet to deliver low-cost services, business-grade VoIP services often use the Internet as a backup and have private IP point-to-point lines for primary connections. If the Internet is the primary transit, be sure you are working with a VoIP provider who manages the entire network and has control over traffic prioritization. In most cases you want to ensure voice traffic takes precedence over data or travels on a different network.
We’re in Hurricane Season so let’s look at some best practices to ensure you and your employees are prepared for the unexpected. Remember, these four Eze Tech Tips are great for the next Snowmageddon too.
The security threat landscape continues to evolve, and security through obscurity is no longer (and probably never was) an ideal approach to protecting the sensitive data of the hedge fund industry. A 2015 Cyber Security Intelligence Index study by IBM found that over 62 percent of cyber incidents targeted three industries -- Finance, Insurance, and Information and Communications -- highlighting the serious risk cyber intrusions present to financial firms.
The report found that 55 percent of all cyber attacks in 2014 were carried out by either malicious insiders or inadvertent actors and that unauthorized access triggered nearly twice as many incidents in 2014 compared with 2013. According to the report, “certain types of unauthorized access incidents rocketed to the top, accounting for 37 percent of the total—nearly doubling from 19 percent in 2013. ShellShock and Heartbleed were the game changers here.”
Another example cited was that malicious code and sustained probes together accounted for 40 percent of all the incidents observed. According to IBM, “with an ever expanding array of malware from which attackers may choose—including viruses, worms, Trojans, bots, backdoors, spyware and adware—it seems fairly certain that malicious code incidents will continue to wreak havoc for the foreseeable future.”
These examples demonstrate that the risks facing large organizations and smaller firms (read: hedge funds) are just as real. To that end, we regularly team with eSentire to speak with hedge fund CTOs about the security landscape and their managed security technology. Additionally, Eze Castle Integration utilizes eSentire intrusion detection technology within our Eze Private Cloud and to power our Eze Active Threat Protection services.
Feedback on eSentire’s offering and approach is always received positively and is the spark for this tech spotlight article.
As cloud services continue to become increasingly popular among hedge funds and investment firms, there still seems to be an area of confusion that surrounds this technology. We've talked through Why Cloud Computing is Right for your Hedge Fund and Understanding Public, Private, and Hybrid Clouds. Now, let's look at three key elements to consider within the cloud: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
In a SaaS model, firms are offered a complete range of applications via the Internet, all of which are managed by the hedge fund cloud provider. This means firms can forego upfront investments in servers and software licenses and pay a predictable per-user, per-month fee.
PaaS is the delivery of a computing platform over the Internet. The PaaS model enables hedge funds to create Web applications quickly without incurring the cost and complexity of buying and managing the underlying software and hardware. Firms have control over the deployed applications and environment-related settings. PaaS is great for firms creating or managing their own applications or looking for testing and development environments.