Eze Castle Integration

Hedge IT Blog


NASAA Cybersecurity Report Recap: Our Favorite Graphics and Findings

By Katie Sloane,
Tuesday, September 30th, 2014

The North American Securities Administrators Association (NASAA) recently released survey results of cybersecurity practices of small and mid-sized investment adviser firms. The purpose of NASAA’s pilot project was to better understand cybersecurity practices of state-registered investment advisers. In today’s post, we will share our favorite graphics and findings from the organization’s survey.

Client Contact via E-mail & Use of Secure E-mail

NASAA's survey reported 92% of investment firms contact clients through e-mail and/or other electronic messaging and only 54% of that group utilizes secure email. While 14% were unsure, a staggering 30% responded that they did not utilize secure messaging whatsoever. 


Categorized under: Security  Business Continuity Planning  Software  Trends We're Seeing  Videos And Infographics 



Educate Employees About Cybersecurity: A Hedge Fund's Security Depends On It

By Mary Beth Hamilton,
Thursday, September 25th, 2014

The following article originally appeared last month on the Tabb Forum.

Cybersecurity is a hot topic -- and rightfully so -- as headlines tout new vulnerabilities or incidents with increasing frequency. In the fight to prevent attacks, technology safeguards are typically the focus. A firm must have layers of security that include, but are not limited to, anti-virus, firewalls, intrusion detection systems and Internet monitoring and reporting, as well as procedures that restrict and monitor access. 
 
However, beyond technology, the role employees play cannot be underestimated. The reality is that employees can be one of a firm’s best lines of defense or its weakest link. The deciding factor in which way it swings often comes down to access control policies and cybersecurity training.

Getting the Access Right

Employees require access to the data necessary to complete their job functions. But beyond that, firms should be limiting what data employees have access to. It’s not about not trusting your employees, but more so about not trusting the technology behind those employees. The less data employees can get to, the less damage can be done via an internal breach or external hack.

The SEC Cybersecurity Risk Alert issued in April 2014 highlights the importance of access control by asking about the controls a firm maintains to “prevent unauthorized escalation of user privileges” and how firms “restrict users to those network resources necessary for their business functions.”

Part of a firm’s cybersecurity planning must be defining how company data is protected, where it is located and who has and needs access. Once access levels are defined, they must be reviewed at least annually to ensure adherence firm-wide.

Categorized under: Security  Cloud Computing  Hedge Fund Operations  Trends We're Seeing 



Apple to iPhone Users: Here's How to Protect Your Devices

By Kaleigh Alessandro,
Tuesday, September 23rd, 2014

Security has been THE topic of 2014 thus far and was amped up last week when many A-list celebrities’ phones were hacked and racy photos released. The hack was allegedly the result of an iCloud infiltration, prompting many Apple users to question the company’s privacy settings. In response, Apple CEO Tim Cook released a letter to consumers, and the company’s website will now feature a privacy section:
 



Apple’s privacy site includes details on both the built-in security features within Apple devices as well as how users can manage their own privacy settings and tailor them to individual needs. Here is a brief snapshot of some security functions highlighted:

Built In Privacy

  • iMessages and FaceTime calls are protected with end-to-end encryption

  • iMessages and SMS messages are backed up to iCloud, but can be turned off by the user

  • All iCloud content is encrypted in transit and when stored (in most cases)

  • iCloud Keychain allows users to create strong passwords and stores them securely without giving Apple access

  • Safari blocks third-party cookies on all devices and offers private browsing

Categorized under: Communications  Cloud Computing  Security  Software  Trends We're Seeing 



How the Financial Cloud Should Be Protected (A Presentation)

By Mary Beth Hamilton,
Tuesday, September 16th, 2014

Last week our SVP of client technology, Steve Schoener, presented at a hedge fund due diligence event on the topic of protections in the cloud.

Since cloud security and ensuring a hedge fund’s data is protected is such a hot topic, we thought we’d share his presentation. In a nutshell, the presentation looks at the layers of security that should be built into a cloud environment, which include deep and detailed practices around:

  1. Principle of Defense in Depth

  2. Principle of Least Privilege

  3. Audit & Logging

  4. Secure User Authentication Protocols & Encryption

Check out the complete presentation for more details:

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Infrastructure 



Assessing Your Firm's Attitude Toward Security: What's Your Type?

By Kaleigh Alessandro,
Thursday, August 21st, 2014

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take an “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Putting the Smart in Smartphone Security: Six Consumer Tips

By Katie Sloane,
Thursday, August 14th, 2014

Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family, to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measures to protect your device? Below are a few tips to help keep your smartphone’s data safe.

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security. 

Categorized under: Security  Communications  Software  Trends We're Seeing 



FCA to Financial Services Firms: Social Media Promotions Require #Ad Compliance

By Kaleigh Alessandro,
Thursday, August 7th, 2014

Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.
 
In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching guidance consultation on social media usage. As evidenced by FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks.
 
“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry."

Categorized under: Hedge Fund Regulation  Security  Hedge Fund Operations  Communications  Trends We're Seeing 



Monetary Authority of Singapore (MAS): Technology Risk Management Guidelines Overview

By Kulvinder Gill,
Tuesday, August 5th, 2014

The last five years have seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry, but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.

In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.   
 
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.

In today’s blog article we will take a look at some of the key guidelines covered in the guide:

Categorized under: Hedge Fund Regulation  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Business Continuity Planning 



Cloud Computing: The Growing Competitive Advantage for Hedge Funds

By Katie Sloane,
Thursday, July 31st, 2014

The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution, with established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.
 
If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Trends We're Seeing  Videos And Infographics 



Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough

By Kaleigh Alessandro,
Thursday, July 24th, 2014

Your hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
 
There are a few different scenarios that warrant secure data destruction maneuvers:

Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
 
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 


