If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts a few months ago that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
When it comes to the cost of a successful data breach, the ensuing ramifications are not limited to monetary loss. A firm’s confidential information, customer trust and overall operations are all at risk of being compromised. To protect their data and systems from cyber-attacks and breaches, it is critical that firms become as secure as possible.
Raising the Bar
Over the past year, we have witnessed more firms strengthening their security measures in an effort to comply with industry regulations as well as the SEC cybersecurity expectations. Additionally, we’ve seen an increase in frequency and sophistication of both data theft and cybercrime. A study by Risk Based Security revealed that within the first nine months of 2014 there were 1,922 data breaches reported and 904 million records exposed. Four of those incidents have made the Top Ten All time Breach List and three hacking incidents combined were accountable for nearly sixty percent of exposed records. Today, most hedge funds are aware of the severe negative effects a security breach can cause; however, gaining this knowledge may have been a tough lesson to learn.
Traveling with electronic devices puts personal and critical business information at risk. As we embark on the busy holiday travel season, we decided to share some useful tips to help prevent your data and devices from falling into the wrong hands. Here are our top 10:
Back up Your Data Before You Leave: Prior to traveling, back up data that is stored on your device(s) onto media that will not be taken with you on your travels, for example a storage card, the cloud, or a computer, if you are not bringing the latter device on your trip. Furthermore, ensure you do not have social security numbers, passwords, credit card information and other sensitive data stored on your devices. If you do, save this information in a more secure place and remove it from your portable devices.
Travel Light: If you do not need it, do not bring it on your trip. Only devices that are necessary should accompany you while traveling.
As hedge funds and investment management firms shore up security practices in an effort to comply with the SEC cybersecurity expectations and other industry and investor standards, it can become overwhelming to sort out what's required and how firms should go about achieving compliance. It can also be easy to make mistakes. We asked Eze Castle's Business Continuity and Data Privacy Manager, Lisa Smith, to tell us about some of the common information security mistakes she witnesses firms make and how to avoid them in the future. Here are some of the key questions Lisa answers:
Where are you seeing the most deficiencies in cybersecurity preparedness?
What goes into an effective Written Information Security Plan?
What common mistakes do you find firms are making when it comes to information security safeguards?
Take a look at Lisa's answers!
How important are day-to-day communications within your company/firm? If an incident or disaster occurred today, how would your organization respond? Do you have a team or group designated to develop messages for both internal (employees, vendors, third parties, building management) and external (public, employee families, media) contacts? Have they practiced? When the pressure is on, is your organization prepared if a disaster or event suddenly puts your firm under the microscope with an onslaught of internal/external calls, questions, requests, emails, social media messages or media requests?
Crises and disasters continue to happen across borders and industries. Let’s not forget some of the more recent large-scale disasters such as Hurricane Katrina, Typhoon Haiyan, Deepwater Horizon, Fukushima, Hurricane Sandy, and, of course, the ongoing major data breaches, just to name a few. That list doesn’t include more common events that may not make the major news networks such as utility failures, office fires, and systems outages. Smaller events like those previously mentioned can cause minimal to significant disruption to business operations. This is why developing and practicing a variety of communications is vital in an organization’s response to an incident.
Some of these events can be predicted in advance, giving an organization time to make decisions, analyze other organizations’ responses, consider impacts, and communicate a message or action. Sometimes events are sudden, such as an earthquake or active shooter. These events require immediate actions, decisions, and communications to be made. In either case - an immediate or delayed event - communication is critical to demonstrating proper leadership and providing employees with proper direction, especially if the event is centered specifically on your organization.
In its fourth year running, our Global Hedge Fund Technology Benchmark Study reveals the top technology systems and applications used by investment management firms around the world. And while we aren't due to officially release the results until tomorrow - register for our webinar to hear them live - we thought we'd share a little sneak peek in the form of an infographic.
Take a look below and discover how your hedge fund and investment management firm peers are using technology to power their firm operations.
When it comes to cybersecurity defenses, this isn’t a fantasy league. The threats are real and growing in sophistication for the hedge fund and alternative investment industry. In today’s blog, we will discuss how to prepare your firm’s defense for external attacks and internal breaches.
Cybercrime works like a defensive team that studies their opponents and plays and can make midgame adjustments. The only true way to thwart an incident is to establish a layered security program to safeguard against attacks and vulnerabilities of all kinds. Football teams share a similar composition, as there are defensive tackles and ends, cornerback and safety roles. You need to ensure your infrastructure is highly secure and cannot be penetrated by external attackers or easily manipulated by internal threats.
Last week, we co-hosted another exciting Hedge Fund Startup event with KPMG in New York and had a great turnout of fund managers looking to learn more about everything from legal and tax implications to technology must-haves and capital raising strategies.
Since technology is clearly our forte, we wanted to share some of the key takeaways from our “Achieving Institutional-Grade IT” panel, featuring speakers from Evercore Partners, Bank of America Merrill Lynch and, of course, Eze Castle Integration. Here are the highlights:
State of Emerging Manager Market
The hedge fund startup market is healthy, and investors’ appetite for emerging managers is strong.
Investors are attracted to the nimbler, hungrier nature of emerging managers.
Key Priorities for Startups in 2014/2015
Select the right service providers to support your business.
Understand your firm’s vulnerabilities and exposures.
The operational due diligence process is changing; therefore, firms need to understand the protections they have in place to secure investor assets.
Over the years, cybercrime has evolved, matured and increased in frequency. Target groups vary from case to case and victims range from big merchants and high-end retailers to celebrities and common folk. On the eve of Halloween, we’ve dug up some of the scariest cyber-attacks in 2014.
One of the more innovative hacks in recent years started making headway in Great Britain in September 2013. CryptoLocker utilizes malware to encrypt and freeze victims’ sentimental and valuable files on infected computers. After successfully locking the computer, a ransom note appears on the victim’s screen demanding money in return for their files. If the victim fails to make payment, the computer remains locked and files are unsalvageable.
More than $100 million in losses were attributed to the cybercriminals’ schemes as well as hundreds of thousands of infected computers. Computer security companies estimate that CryptoLocker infected over 234,000 computers worldwide, including more than 100,000 in the United States.
In any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.
Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.
Here are a few of those signs:
1. Your provider’s service levels are not up to snuff.
Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).
Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions for any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved.