Eze Castle Integration

Hedge IT Blog

Four Reasons Why Financial Firms Need Data Backups

By Evelyn Villemaire,
Tuesday, February 9th, 2016

With threats of data loss increasing in both numbers and severity, it is no surprise that data security is on everyone’s mind within the financial and investment industry. Regulatory agencies and investors now expect businesses to have backup solutions and comprehensive record-keeping practices. Understanding the need and importance of implementing a backup solution can add instrumental value to your business.

We at Eze Castle Integration have identified the top four reasons why backups are critical to not only a firm’s growth, but also their survival. 

1. Regulatory agencies demand security of financial records.

The Securities and Exchange Commission (SEC) has instituted regulations on the storage of financial records and electronic communication, and financial industry regulatory agencies such as FINRA now provide standards and guidance information on potential threats. In addition, international regulators such as the FCA, a financial regulatory body in the United Kingdom, are also demanding that firms have a data backup solution.

The reasoning behind these recommendations is the volume of things that can go wrong with your data storage solution. From hardware failure, software corruption, virus or network security breaches, to natural disasters and human error, the threat to your data is endless. With today’s financial services companies managing exponentially growing volumes of sensitive data, the risk of loss grows as well.

Categorized under: Disaster Recovery  Security  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



When it Comes to Cyber Insurance Coverage, Be Sure to Read the Fine Print

By Kaleigh Alessandro,
Thursday, February 4th, 2016

The cyber insurance industry is growing at a rapid pace as firms look to implement safeguards to protect sensitive data and financial information from ending up in the wrong hands. As hackers become savvier and cyber schemes more elaborate, many firms are relying on cyber liability policies to add an extra layer of protection.
 
In some cases, however, insurance coverage has not satisfied the demands of firms and instead left them feeling scammed a second time.
 
One example of this comes from Texas where a manufacturing firm is suing their cyber insurance provider for refusing to cover a loss that came at the hands of a phishing scheme. According to the provider, the loss – of $480,000 – did not meet the specific criteria needed for a successful claim.
 
Situations like these are reminders for Chief Financial Officers and Risk Officers to carefully comb their cyber insurance policies to gain a comprehensive understanding of what exactly is covered – and what is not.
 
Our friends at Willis Holdings Inc. work with investment firms regularly to craft cyber liability policies and provided their take on the insurance landscape as part of our Hedge Fund Insiders Article Series: 
------------------------------

BY: John Mullen and Jennifer Coughlin, Lewis Brisbois Bisgaard & Smith, and Talene Megerian and Kristin Zieser, Willis FINEX Claims & Legal Group

The Cyber risk landscape is rapidly evolving. Governments are facing an unprecedented level of Cyber attacks and threats with the potential to undermine national security and critical infrastructure. Similarly, businesses across a wide range of industry sectors, particularly those in the health care, retail and financial services industries, are exposed to potentially enormous liability and costs as a result of Cyber incidents and data breaches.

Given the risk landscape, it is no wonder companies of all sizes continue to be subject to increasing data breach liability, both in the form of single plaintiff or class action lawsuits and regulatory investigations and proceedings. Negligence, breach of fiduciary duty and breach of contract are just some of the allegations that a company may face as a result of a systems failure or lax security that compromises the security of customers’ personal information or data.

Categorized under: Security  Trends We're Seeing 



The Social Age: Have We Lost Our Privacy Filters?

By Katie Sloane,
Tuesday, February 2nd, 2016

In an interconnected world, social platforms such as Facebook have evolved into components of our everyday lives. Real-time updates keep us in the loop with popular events, friends, “liked” company pages, the latest apps and so on. Behavior quizzes offer entertainment to discover your celebrity and fairytale doppelgängers, or breakfast food and ice cream personality matches. To partake in this social extravaganza, we hand over our personal information freely, forgetting its value somewhere between each hashtag and viral post.

It seems that every hour emerging innovations and dynamic social platforms open the threshold of new opportunities to share and attain information. Typical data requested from social sites may include your full name, age, sex, birthday, relatives, photos, account access, etc. However, what most people don’t realize, while tuning out to plug in their witty social facts, is the depth of personal data they’re unwittingly dispensing to persons, companies and third parties unknown.

When it comes to social media engines, when did people become the mindless machines pumping out sensitive information?

Categorized under: Security  Communications 



Cybersecurity for Hedge Funds: The Current Landscape

By Wendy Beers, Wells Fargo Prime Services,
Tuesday, January 19th, 2016

On December 9, 2015, Wells Fargo Prime Services and Eze Castle Integration hosted a panel on cybersecurity to discuss the current landscape. The panel featured leading industry experts including:

  • Eldon Sprickerhoff, Founder & Chief Security Strategist, eSentire

  • Stuart Levi, Partner, New York, Skadden, Arps, Slate, Meagher & Flom LLP

  • Vinod Paul, Managing Director, Eze Castle Integration

  • Timothy O’Brien, Supervisory Special Agent, Cyber branch, Federal Bureau of Investigation – New York Office.

  • Marc P. Berger, Partner, Government Enforcement, Ropes & Gray LLP

Marc Berger’s opening statements emphasized the extent of the cybersecurity threat currently facing firms across a wide swath of industries. He quoted FBI Director James Comey, who stated: “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked ….”  (FBI Director James B. Comey, 60 Minutes, CBS TV Interview, October 5, 2014). Alarming statistics from the Ponemon Institute’s 2015 Cost of Cyber Crime Study, conducted with HP Enterprise Security, found that the average cost to resolve a single cybersecurity incident is $1.9M, and the average time to resolve is 46 days. Perpetrators range from nation-state-sponsored hackers and disgruntled/rogue employees to organized crime units, activists, and other thieves.

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



IT Security Dos and Don'ts to Live By

By Kaleigh Alessandro,
Tuesday, January 12th, 2016

We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not take. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.

DO:

  • Lock your computer and mobile phone(s) when you leave your desk and/or office

  • Use care when entering passwords in front of others

  • Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



Top Industry Trends in 2016 for Hedge Funds and Beyond

By Kaleigh Alessandro,
Thursday, January 7th, 2016

A new year brings new excitement and new ambition. Across the hedge fund and alternative investment industry, firms are devising new strategies and implementing plans to drive growth and increase returns. In 2016, we expect the following industry trends will play a role in shaping many of the decisions hedge funds and other investment management firms make.

Hedge Fund Cybersecurity 2.0

Last year, cybersecurity took center stage across the investment community, and there is little doubt that it will continue to dominate in 2016. If we can assume that firms used 2015 to shore up security practices and have, at minimum, established a baseline for protecting firm assets with firewalls, password protections and penetration testing, we can expect 2016 to take cyber preparedness to the next level in the form of advanced features and analytics including phishing and social engineering tests, designed to increase the level of preparedness held by firm employees. With cyber-attacks increasing in sophistication, firms will need to spend time in 2016 working with managed providers and internal IT teams to continue the education process and identify strategies to outsmart hackers.

Categorized under: Hedge Fund Operations  Security  Hedge Fund Due Diligence  Hedge Fund Regulation  Trends We're Seeing 



Best of the Blog: 2015’s Most Popular Hedge IT Articles

By Kaleigh Alessandro,
Tuesday, January 5th, 2016

Happy New Year! Here at Hedge IT, we’re looking forward to sharing more educational articles with you in 2016, but before we do, let’s take a look back at our readers’ favorite articles from last year.

Cybersecurity Regulations Take Center Stage

The Securities and Exchange Commission took major strides to regulate investment firm cybersecurity practices in 2015, with the release of multiple guidance updates (Click for the September 2015 update). At a high level, the SEC has identified the following six areas as paramount for investment firms to demonstrate preparedness:

  1. Risk Assessments

  2. Governance

  3. Training

  4. Access Control

  5. Vendor Management

  6. Information Sharing

In December 2015, we participated in a Wells Fargo Prime Services cybersecurity event and the panelists outlined everything your hedge fund needs to know about the SEC’s security expectations. Read “SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered” for the full scoop. 

Categorized under: Trends We're Seeing  Launching A Hedge Fund  Hedge Fund Insiders  Security  Hedge Fund Regulation 



IT Security Dos and Don'ts: A Best Practice Guide (Video)

By Kaleigh Alessandro,
Tuesday, December 29th, 2015

If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices. 

 

Categorized under: Videos And Infographics  Cloud Computing  Security  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered

By Mary Beth Hamilton,
Thursday, December 10th, 2015

Earlier this week we presented at a Wells Fargo Prime Services breakfast briefing on cybersecurity. During the discussion, Stuart Levi of Skadden reminded attendees that the SEC has clearly defined (and communicated) its cybersecurity expectations. He recapped the following six areas advisers must have covered to demonstrate preparedness to regulators.

1. Risk Assessments
2. Governance
3. Training
4. Access Control
5. Vendor Management
6. Information Sharing

Here's Eze Castle Integration's take on these focus areas:

#1 Risk Assessments

The April 2015 SEC Cybersecurity Guidance Update goes deeper into risk assessment expectations. Here are some key cyber risk assessment takeaways:

  • Define what confidential data is and determine how it's protected.

  • You must also understand where your data is located, how it is collected and who and what technology systems have access to it.

  • Registered investment advisers should have a clear understanding of the threat landscape, including potential internal and external risks as well as unique vulnerabilities specific to the firm. Evaluate a variety of potential scenarios as well as their likelihood to occur.

  • Once firms understand the risks facing their organization, they must conduct assessments of the existing controls and processes to ensure they account for the risk landscape and put the appropriate safeguards in place.

  • Be sure to understand the potential impacts of various cyber risk scenarios and outline specific protocols for incident response and quick resolution. The impact of cybersecurity incidents can range from financial to technological to reputational.

  • Finally, testing and assessing the governance structure, including administrative and technical safeguards, is key to ensuring effectiveness.

#2 Governance

Gone are the days of management simply outsourcing responsibility to third-party experts and trusting them blindly. Telling the SEC, “we hired the best security consultant,” won’t cut it. Today management must understand their firm’s security posture and be able to outline the safeguards that are in place to minimize risk.

Additionally, management must instill the importance of security preparedness in all employees by making it a top-down priority.

Categorized under: Security  Launching A Hedge Fund  Hedge Fund Insiders  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



Putting the Smart in Smartphone Security: Six Consumer Tips

By Katie Sloane,
Thursday, December 10th, 2015

Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family, to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measures to protect your device? Below are a few tips to help keep your smartphone’s data safe.

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log-in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security. 

Categorized under: Security  Communications  Software  Trends We're Seeing 


