As we predicted in our recent article on 2017 technology trends for financial firms, cybersecurity and protection of personal information remain key priorities in the new year. Ensuring that information is secured is becoming infinitely harder as hackers find more ways to access, expose and compromise data. Up-and-coming security scams such as “popcorn time” and “typosquatting” are just some examples of new ways hackers are exposing data. With this in mind, we’ve identified three IT security must-dos you should employ in 2017 to protect yourself and your organization.
With a new year comes new threats for the financial industry. This year ransomware is predicted to be a primary threat for companies due to the prevalence of Internet of Things (IoT) devices. IoT devices are an easy target for scammers because they often do not have security measures in place to protect your information (think home security systems, Amazon Echo and baby monitors). Entry into your IoT device can easily provide a gateway for hackers to access your entire network. Because of this, it is important to always remember to change your passwords every 60-90 days, back up data and use safe browsing practices.
Here are some particular cybersecurity threats and scams to watch out for in 2017:
There is a new ransomware in development called Popcorn Time (unrelated to the Popcorn Time application) that puts users in a tough spot. Once infected, the victim has two options: pay a ransom of 1 bitcoin (about $800) to get their files back, or choose to infect two other people by sending out a referral code. If two people that you send the referral code to pay the ransom, then you will get a free decryption key. The ransom deadline is one week for you or your victims to pay.
If you thought this scenario couldn’t get worse, think again. Once the user has obtained a decryption key, he/she only has three chances to enter it correctly before the ransomware will begin to delete files permanently. It appears the ransomware encrypts more than 500 file types located in “my documents”, “my pictures”, “my music” and the user’s desktop.
This ransomware seems to still be in the development stage, so things may continue to change, and at this point it’s unclear how far it will spread. The creators of this ransomware claim to be a group of students from Syria trying to raise money for Syrians that are affected by the war.
The best New Year resolutions are the ones you can stick with. So here are our three simple technology resolutions for 2017 which you can use in your personal and professional life.
Resolve to Change Your Passwords, Make them Unique
Passwords are the keys to your virtual kingdom so treat them as such. These days having a password is not enough. Users must have complex passwords that incorporate letters, numbers and symbols and that change often. Here are some other password tips:
Substitute numbers and symbols for letters and use phrases to create unique passwords you can remember. For example, “I love Gmail” can become “!l0v@gm@!l” – something you’ll remember but that is hard for someone to guess.
Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names.
Don’t use the same password for all your accounts – switch it up. For example, you can use the same word but change it up by capitalizing different letters or substituting numbers for letters.
Be sure to change your password often. We recommend changing a password every 30-90 days. Many of our clients already have automated procedures in place to enforce this policy.
Check Your Social Media Privacy Settings & Be Social Aware
The rise of social networking online has reduced privacy expectations across the globe. We must be more aware of the automaticity of our behaviors and tendency to trust sites while browsing the web. In this tug-of-war between security and connectivity, users can regain control of their personal information. Instead of dispensing reams of sensitive data, choose to keep what’s private, private. Adopting an alert awareness while interacting on social platforms and thinking twice before your next “like” could go a long way.
2017 is quickly approaching and so is a plethora of new financial technology and operations articles here on Hedge IT. As we wrap up 2016, let’s take a look back and share some of our readers’ favorite articles from this past year.
Tips for launching a hedge fund are always popular on Hedge IT, and 2016 was no different. Earlier this year, Eze hosted a webinar featuring speakers Paul Schultz from Wells Fargo, Michael Mavrides from Proskauer Rose LLP, and Bob Guilbert from Eze Castle Integration. A few key takeaways from the 1-hour event include:
Understand that investors will expect enterprise-grade technology built in from Day 1.
Remember the advantages of the cloud: a predictable cost, flexibility and scalability (“tech on demand”), enterprise security, and professional management and monitoring.
Compare both the benefits and disadvantages of a “master fund” versus a “side-by-side” structure (e.g. the master fund allows for one set of books and trades, while the side-by-side structure allows for more tax flexibility).
Show investors that you have a 3+ year budget for working capital without any performance fees.
With the holidays around the corner, people are using their email more than ever to book flights, order gifts, check shipping statuses and more. But what do you do when your privacy and personal information are taken and exposed? Last week, Yahoo disclosed that a minimum of 1 billion accounts were hacked back in 2013 – and that the incident is separate from a similar hack in 2014 announced just three months ago.
The most recently announced attack exposed user information including names, telephone numbers, dates of birth, encrypted passwords, and unencrypted security questions. Since the breach became known, Yahoo has prompted all affected users to change their passwords and is invalidating unencrypted security questions.
Unfortunately, users are feeling pretty discouraged about the safety of their personal information amidst these seemingly frequent security breaches. In the last two years alone, this is the third security breach Yahoo has experienced. While the reality is that Yahoo is not the only target of Internet hackers, its users are understandably concerned about how the company is adapting to industry security standards. While we’ve yet to see if this latest breach will have an effect on Yahoo’s potential $4.85bn sale to Verizon, in the meantime, Yahoo users should be taking matters into their own hands. No, that doesn’t necessarily mean you need to close your Yahoo account. But it does mean that you need to practice smart IT security going into 2017.
When it comes to protecting your investment firm from serious cybersecurity threats, it's safe to say that less is definitely not more. In fact, it takes a pretty heavy arsenal of security measures to combat the ever-growing threats targeting your firm from both the inside and the outside.
But it may not be realistic for your firm to employ every cybersecurity technology/tool and develop and maintain a host of security policies - at least not from day one.
Luckily, we’ve developed a handy cheatsheet to help you assess some of the cybersecurity protections that should be on your list. You’ll notice we’ve divided them by tiers, because, well, you’ll need to decide how much of your time, budget and resources are spent protecting your firm’s assets.
Tier 0: This is the ‘must-have’ list. There is no getting around these security measures.
Tier 1: This tier incorporates a few enhanced features as well as a strong contingent of policies to support your cybersecurity program. Plus – and here’s the big one we keep talking about – employee security awareness training. Tier 1 is typically where most investment management firms fall today.
Tier 2: This can be considered an “advanced” tier, with the incorporation of progressive tools such as intrusion detection/prevention systems and next-generation firewalls. But this is quickly becoming the norm for mid-to-large asset managers, particularly as a means to demonstrate preparedness to institutional investors.
2017 is already shaping up to be an interesting year. With a new presidential administration taking office and the hedge fund industry coming off the heels of a challenging year, there’s a lot to keep an eye on. We recently hosted a panel with law firm Morgan Lewis to discuss these and many other topics as part of our “2017 Outlook for Hedge Funds: Risk, Regulation and Technology” event.
Read on for some of our panel’s key takeaways.
2017 Regulatory Outlook
While little is known about how a Trump presidency will operate, there could be potential tax savings for managers depending on how the administration chooses to regulate Wall Street.
Firms should expect to see reforms with the Dodd-Frank Act and the Volcker Rule, which could add more competition into the marketplace if limits on bank investments are adjusted.
SEC Focus Areas
Top six areas of focus for the Securities & Exchange Commission will likely be: (1) expenses and fees, (2) trade allocation, (3) material non-public personal information, (4) valuation processes, (5) operating partners and due diligence, and (6) security, privacy, insider trading and business continuity.
Cybersecurity is not necessarily part of every SEC examination; however, the bar will continue to be raised in terms of the preparations firms will need to make.
In 2016, the SEC provided additional guidance on business continuity and transition plan requirements, highlighting the need for hedge fund and financial firms to maintain their fiduciary responsibility to their clients and investors.
Our 2016 Private Equity CTO Survey is packed with insights across four primary areas: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO. These findings include:
70% of PE firms report their organizations have experienced 3 or more cybersecurity issues in the past 12 months.
Nearly 90% of respondents identified cloud computing as a planned investment area, with respondents preferring private cloud solutions over the public cloud.
93% of survey respondents believe their firm’s CTO or top IT executive is becoming more important to their business.
Check out our infographic (below) for a picture of our findings and download the full report here: www.eci.com/pesurvey.
The tide is changing for private equity firms. They continue to grow in popularity – some say private equity is the new hedge fund – but with increased interest comes amplified speculation and heightened expectations.
In technology, private equity firms have found a fierce enabler for continued growth, and one that has shone the light on organizational benefits to be had far beyond the IT closet.
Eze Castle Integration commissioned its Private Equity CTO Survey to more closely examine the evolution of the private equity industry as driven by – and driven to – technology. In reaching the top IT executives and chief technology officers (CTOs) at these firms, the survey highlights their priorities, successes and even failures, and in doing so, sheds light on this industry that has risen to the forefront of the greater financial community.
Our Private Equity CTO Survey encompasses four primary sections: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO.
If one thing is to be derived from the advent of information technology, it is that IT enablement extends well beyond the recesses of the Communications Room. Accordingly, technology decision-making is also impacted by an organization’s business objectives, and the two work in alignment to derive achievements across the firm. In this section of the survey, we’ll highlight areas where business goals have impacted IT budgets and where private equity firms plan to focus their attention in the coming year.
The cybersecurity threat landscape continues to evolve, leaving behind significant operational and reputational harm for financial services firms. Cyber-attacks such as those impacting LinkedIn, TalkTalk, Yahoo and Sony have forced cybersecurity into the limelight through news-making headlines, enough to fill any business with trepidation. We hear and see a lot of information floating around – some of which, unfortunately, can be misleading or, at times, inaccurate. It is imperative that firms understand how to separate the facts from fiction and develop and deploy sophisticated and appropriate approaches to information security.
So, what are these myths exactly? Let’s have a look.
Myth #1 Cyber Security? Just leave it to the IT department.
Cyber awareness needs to be embedded in the culture of the company, not just the IT team. Firms should communicate the importance of managing cyber risk to every employee in order to strengthen and integrate protocols into daily business operations. Never underestimate the effectiveness of social engineering attacks. Educating staff to avoid opening unsolicited attachments or clicking on suspicious links within emails is one of the most important areas for organisations to concentrate on today.
Myth #2 Cyber criminals don’t target small businesses.
This myth can be particularly dangerous. Many small firms believe that because they are small, there is no risk of a cyber-attack and therefore no reason to take any precaution to prevent one. In fact, the very opposite is true. In the eyes of the hackers, small businesses are often easy targets since they sometimes fail to take necessary measures to protect themselves.