Eze Castle Integration

Hedge IT Blog


Social Engineering: The Human Element to Hedge Fund Hack Attacks

By Mark Coriaty,
Thursday, October 20th, 2016

As financial firms become increasingly interconnected and globalized, their dependence on cyberspace has skyrocketed. While this amplified reliance on the infobahn has accelerated productivity and growth, it has also exposed firms to larger risks, such as hacking, malware, spyware and social engineering. The latter, which is the most disregarded element of an organization’s security program, is also the most dangerous.

Social engineering (e.g. phishing, pretexting, baiting, etc.) relies on the exploitation of human behaviors to breach an organization’s information security system. Hackers prey on propensities of human nature, including:

  • Trust: Some people are trusting to a fault; therefore, they do not question the intentions/identity of another person until proven to be false.

  • Ignorance: Disregard for the consequences of carelessness with sensitive business information.

  • Laziness: Willingness to cut corners, such as not filing away confidential paperwork and leaving it exposed for others to see.

  • Kindness: Employees want to feel that others can leverage them for their assistance and information because we’ve trained them to do so. However, this can lead to divulging too much information to the wrong person.

Categorized under: Security  Trends We're Seeing 

Regulatory Risk for Investment Advisors: Guidance, Enforcement and Compliance

By Katelyn Orrok,
Tuesday, October 18th, 2016

As our Risk Outlook Series continues, we recently spoke with John Araneo, Partner at Cole-Frieman & Mallon LLP in New York, about many of the regulatory risks facing hedge funds today, including compliance, expense allocations and cybersecurity. Continue reading for a brief synopsis or scroll down to watch our webinar replay below. 

How would you describe the current regulatory climate for fund managers and investment advisers?

For hedge fund managers and investment advisers, the regulatory expectations have never been higher. Looking ahead to 2017, managers and advisers should expect the challenge of having to navigate potentially seismic regulatory changes - each of which has the potential to complicate business practices and add to the cost and complexity of compliance.

How should clients prepare to react to these changes?

It’s a top-down approach that all comes down to compliance. A culture of compliance is no longer a lofty goal or a cliché; it is now a regulatory expectation. There needs to be a robust compliance program, actual implementation, and accountability. Clients should be prepared and able to effectively manage the SEC examinations. Managers need to take time to understand regulatory priorities and expectations before an exam.

What is the current regulatory regime's appetite for outsourcing the compliance function?

There is no requirement for firms to employ a full-time person to service compliance. However, the worries about outsourcing certain functions, particularly the compliance officer function, may lead to weakened compliance culture. The opportunity of outsourcing creates a gap between the compliance function and the operations, decision makers and day-to-day activities. Outsourcing can be effective and sufficient, but management needs to resist setting it and forgetting it.

Categorized under: Hedge Fund Regulation  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 

20 Cybersecurity Dos and Don'ts Your Employees Should Follow

By Kaleigh Alessandro,
Tuesday, October 11th, 2016

With October being cybersecurity awareness month, it is an important time to ensure your firm and employees are aware of and using best practices, security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost is continuously rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.

While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started, here are just a few pieces of advice we offer our investment firm clients. Remember to inform employees not only of what to do, but also of what not to do.


Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 

Do You Have What It Takes to Fight Malware? #CyberAware

By Mary Beth Hamilton,
Thursday, October 6th, 2016

In honor of October being National Cyber Security Awareness Month, we’ll be bringing helpful articles on a range of topics starting with this one on understanding malware.

We’re also debuting our first interactive game, FreEze!, where your challenge is to hit malware before it hits you (à la Space Invaders). Play the game below or keep reading for more on malware -- or do both!


Categorized under: Security  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 

Five Hedge Fund Cybersecurity Risks and Struggles

By Katelyn Orrok,
Tuesday, October 4th, 2016

In Part Three of our Risk Outlook Webinar Series, Michael Corcione, Managing Director of Cordium, spoke about compliance and cybersecurity trends in the investment industry. Although cybersecurity risks and struggles can vary from firm to firm, it is important to address a number of key areas.

Continue reading for quick takeaways or scroll down to watch the 30 minute video replay.


Good security can be achieved as firms move from reactive to proactive strategies. Firms usually start with the goal of checking the box for regulators, but they need to get beyond the 'check-the-box' exercises and test controls. The SEC’s 2015 cybersecurity guidance update provided more specific insights on cybersecurity focus areas for investment firms - governance and risk assessments, training and awareness, incident response, data loss prevention, access rights controls, and vendor risk management. Hedge funds and investment firms should use this as a framework, understand how they have addressed these areas and where they need to improve. 


A good cybersecurity program starts with the leadership team, and they need to set the tone from the top down. This way everybody understands the impact of risk and its effects on the firm. Leaders should acknowledge risk, understand risk, and lead ongoing discussions firm-wide.

Categorized under: Security  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 

Six Questions to Ask About Your Investment Firm's Cybersecurity Risk

By Katelyn Orrok,
Tuesday, September 27th, 2016

During Part 2 of our Risk Outlook Webinar Series we spoke with Eze Castle Integration Director Dan Long about how investment firms should address evolving cybersecurity risks, third party service provider oversight and employee training and education. Many of the points Dan addressed highlight questions hedge funds and private equity firms should be asking themselves.

Read on or scroll to the bottom to watch the full, 30-minute replay.

What is our commitment to cybersecurity and what is our outlook on the future?

Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.

How are we addressing third party risk and oversight?

Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function were under in-house control.

Categorized under: Security  Private Equity  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Business Continuity Planning  Videos And Infographics 

The Transformation of Private Equity Operations (Webinar Recap)

By Katelyn Orrok,
Thursday, September 22nd, 2016

Private equity firms have been slow to embrace outsourcing, but managing data and technology is more complex than ever. With increasing regulatory requirements and a growing urge to focus on core competencies, PE firms are shifting their views of the back office. In case you missed our recent webinar on 'The Transformation of Private Equity Operations', speakers from Citco Fund Services and Eze Castle Integration examined the changing tide for private equity operations and how CFOs, CTOs and fund managers alike can control operating costs, maximize efficiency and better perfect operational workflows.

Drivers for change.

The number one reason for managers to make the switch to an outsourced solution is the desire for managers to get back to their roots. The idea of back office transformation is really founded in that managers have found themselves spending much more time doing everything but raising money and investing money.

Beneath this layer, back office transformation is also driven by regulation, investor transparency, the lifecycle of a private equity firm, and global reach.

Slow adoption, fast results.

The private equity sector has been slow on the uptake when it comes to outsourcing, and we attribute this lag to a lack of education on the process and benefits of outsourcing. In the past three to five years, adoption in the PE space has increased because it is cost effective, secure and feature rich. Private equity firms that have made the switch wonder why others are not doing the same. The idea of leveraging an experienced managed service provider is one that private equity firms have really embraced because there is no burden for firms to hire and attract talent, which can be challenging and expensive.

Categorized under: Private Equity  Cloud Computing  Security  Outsourcing  Infrastructure  Trends We're Seeing 

The Hedge Fund COO’s Perspective on Risk

By Kaleigh Alessandro,
Tuesday, September 20th, 2016

Risk. Across the financial services industry, it’s a buzzword right now, and rightfully so. Perpetuated by mounting regulatory change, growing cybersecurity threats and a challenging market climate, the focus on risk is one that grows with each passing day.

As such, we are hosting a 6-week webinar series, Risk Outlook, wherein we’re interviewing industry experts on a host of risk-related topics. To kick off the series, last week we interviewed Mark Strachan, chief operating officer and compliance officer for BBL Commodities, a New York hedge fund. Read on for a recap of my conversation with Mark or scroll to the bottom to watch the webinar replay.

Question (Q): The last 5-10 years have been challenging for the investment management industry, looking back to the 2008 financial crisis as well as with increasing regulatory initiatives and changes across the investor due diligence process. How have your views on risk and the risk landscape evolved during this time? Or have they evolved?

Mark Strachan (MS): I think they’ve certainly evolved. The core features of non-investment risk – such as operational, counterparty, regulatory, security and business risk – have been constant, but they have evolved in terms of their complexity, our experiences with them, the tools available to help mitigate exposure and the focus by investors through their due diligence process.

Categorized under: Trends We're Seeing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Videos And Infographics 

Before Installing Apple’s iOS 10, Review Our Critical To-Do List

By Mary Beth Hamilton,
Tuesday, September 13th, 2016

The new Apple iOS version 10, which was released today, delivers some cool new features, but before jumping in we recommend you review the following upgrade steps.

Here’s why.  As with any major update, there can be risks associated with early adoption until issues are uncovered and Apple has the time to debug and fix them. Eze Castle Integration has learned of some significant potential issues including risk of data loss due to incompatibilities with mobile device management (MDM) applications.

So here’s a critical to-do list before starting the iOS 10 upgrade.


  • Back up your device. Always take a backup before updating your device.

1. The best way to do this is via WiFi at night when the device is also plugged into a power source (computer or electrical outlet). iCloud will back up your device on its own if configured correctly and provided you have enough storage. To ensure this is occurring, launch the Settings App -> iCloud -> Backup and see what it says next to “Last Backup:”. If it only states a time, then it means it backed up today and no further action is needed. If it says a date, you can back up the device by clicking “Back Up Now”. (Note: WiFi is required to back up this way). If this fails, you can back up to iTunes (see next bullet) or clients can call ECI’s Help Desk for assistance.

2. Alternatively, you can back up using iTunes. Plug the device into a computer, launch iTunes, right-click on your device and click “Back Up.”

  • Manually back up passwords. Ensure you know your iCloud passwords, iTunes Store password, email passwords and any other critical passwords. Write them down and test them. Then safely and securely discard that information. As a best practice, there are secure password storage applications available through the App Store.

  • Copy anything you can’t live without. Back up anything (e.g. photos) that you cannot live without. Do so in a way that you can verify the backup easily. One option is enabling iCloud Photo Library so you can access copies of your photos on all your other iOS devices.

Categorized under: Security  Hedge Fund Operations  Infrastructure  Communications  Software  Trends We're Seeing 

Setting Up Secure File Sharing at Your Hedge Fund: Varonis on Eze Cloud

By Mary Beth Hamilton,
Tuesday, September 6th, 2016

As we work with clients on completing due diligence questionnaires (DDQs), one increasingly common question is, “Does your firm block access to data sharing sites such as Dropbox or Google Drive?”

Generally the answer to this question should be ‘Yes,’ but that isn’t always the case because public file sharing services such as these are very convenient, and firms may overlook the security risk they pose. Additionally, employees accustomed to using Dropbox for personal use may be tempted to go for convenience over security when they need to share a large file or data set.

However, with security threats multiplying exponentially, hedge funds and alternative investment firms need to be proactive in protecting data and personally identifiable information (PII) from accidental and malicious insider risks. That’s why for secure file sharing Eze Castle Integration includes Varonis' DatAnywhere product as a standard feature within our Eze Managed Suite. Varonis' DatAnywhere offers users seamless and secure collaboration and file sharing across devices.

Beyond security, Varonis' DatAnywhere is easy to use. Users receive the same drag-n-drop experience as shared network drives or a cloud sync folder, which means no need for training on complex user interfaces and collaboration workflows. Additionally, data is automatically backed up and version controlled.

Categorized under: Infrastructure  Cloud Computing  Security  Trends We're Seeing  Videos And Infographics 
