This month (February 2015) The Financial Industry Regulatory Authority (FINRA) issued a Report on Cybersecurity Practices to assist firms in responding to the growing threats of cyberattacks. The report centered on seven (7) “key points” as defined by FINRA.
Our team regularly counsels clients on how to address these cybersecurity practices. So in the interest of sharing, here is a high level snapshot of how Eze Castle Integration addresses the key points in the report.
Key Point 1: A sound governance framework with strong leadership is essential. Numerous firms made the point that board- and senior-level engagement on cybersecurity issues is critical to the success of firms’ cybersecurity programs.
Eze Castle Integration has an appointed Chief Information Security Officer and an established Computer Security Incident Response Team (CSIRT). CSIRT members have predefined roles and responsibilities, which can take priority over normal duties. The CSIRT team is overseen by the Chief Information Security Officer (CISO), and comprised of individuals from various groups such Network Operations, Client Services, Cloud Services, Project Management, and Human Resources.
In its 2015 priorities, the SEC’s Office of Compliance Inspections and Examinations (OCIE) listed cybersecurity as a key focus area in its risk-based assessments. Then on February 3, 2015, OCIE released summary findings from its Cybersecurity Examination Sweep.
OCIE’s sweep focused on written documentation for their assessment and conducted "limited testing" of the accuracy of the responses. They did not review the technical sufficiency of the firms’ programs either. OCIE’s reliance on documentation highlights the importance of complete Written Information Security Policies.
Following are noteworthy items Eze Castle Integration observed in reviewing the findings.
Most firms adopted written information security policies, but 43% of advisers did not conduct periodic audits to determine compliance with these information security policies and procedures.
49% of advisers did not discuss mitigating the effects of a cybersecurity incident and/or outline the plan to recover from such an incident in their written business continuity plans.
The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences. However, only 32% of advisers require cybersecurity risk assessments of vendors with access to their firms’ networks.
In the Written Information Security Plans (WISP) Eze Castle Integration creates for clients, we include service provider risk assessments as a standard element.
Valentine’s Day is just around the corner, and Eze Castle is taking heed of this opportunity to spread the love.
For the fifth consecutive year, we are hosting a "Like for Life" Campaign with the intent to spread awareness and raise donations for a charitable cause. This year, we will be supporting School on Wheels, an organization that strives to educate and empower underprivileged children impacted by homelessness. The group’s mission is to augment the educational opportunities available to more than the 1.6 million homeless children in the United States.
Winter Weather Preparedness: Considerations for Keeping Your Firm and Employees Operational This Winter
Anyone who lives in a region that regularly receives snow knows (and expects) that every winter brings the potential for experiencing disruption, delays, cancelations and closures to roads, buses, trains, boats and subways that transport people to and from work. (If you’re in the Boston area, you’re experiencing this today with the MBTA shutting down all rail service to clean up from more than 70 inches of snow in the last three weeks.) Snow storms don’t just affect transportation though; weather events can cause power outages, force evacuations, impact deliveries, and as we saw recently with Winter Storm Juno, can cause entire states to ban travel.
Impacts of heavy snow if traveling to work
Let’s consider some of the issues firms can face even if a travel ban isn’t in place and employees must attempt to make their way to the office.
Most people who commute to work know that adverse weather can have a major impact on their travel to and from the office. Regardless of the manner of transportation (car, rail, subway, boat, bus, etc.), all will most likely experience delays and present challenges for commuters during a snow storm. Delays, breakdowns, cancellations, and longer commuting times are very common throughout a storm and can still impact travel days after a storm concludes, leaving employees largely unable to work effectively if at all.
With a new year comes new regulations for hedge funds and investment firms. Earlier this week, Eze Castle Integration hosted a webinar during which Ricardo Davidovich, partner at Haynes & Boone LLP shared his insight into the Securities and Exchange Commission’s (SEC) new examination priorities as well as reoccurring themes firms should expect to see play out through the year.
What’s New in 2015
One priority for examinations this year is the focus on retail investors. Davidovich says that “hedge funds, which in [the SEC’s] mind have historically been an exclusive and private club, are being sold to the retail and consumer client base.” Meaning they will be taking a closer look at the types of fees being sold, the sales practices and the suitability analysis. Firms should focus on making sure no information released is misleading and that there are provisions against fraud. There should be a real emphasis on policies to create guidelines that can be shown and proven to the SEC.
At a time when cyber-attacks are becoming more and more frequent, protecting your company’s information is of the utmost importance, which is why Eze Castle Integration is advising clients to hold-off on downloading Microsoft’s Outlook for IOS and Android.
In December 2014, Microsoft acquired tech company, Acompli, which was known for their mobile mail application. Now in 2015, Microsoft has rebranded the app as an Outlook application for IOS and Android phones. While the product has done well and has a following, many are wary of certain procedures and features that could compromise information moving forward.
How Does It Work?
The application uses ActiveSync (EAS), for the majority of users, and OWA, for advanced functionality. EAS grabs information from Exchange, which then is processed and pushed to the clients. However, each step of the process has potential complications. The platform includes email, calendar features, attachment integration with OneDrive, Dropbox, Google Drive, Box and iCloud, and customization.
HFMWeek Catches Up with Eze Castle Integration’s Managing Director, Vinod Paul, To Discuss How Technology Can Help Tackle the Challenges Facing Hedge Fund Start-up Firms.
HFMWeek (HFM): Are you seeing a healthy market for new hedge fund launches in the US?
Vinod Paul (VP): 2013 and 2014 were very strong years for start-ups in the US. Our US pipeline is also quite healthy for 2015 in terms of start-ups, which is a little different to Europe, where there aren’t as many launches. In terms of overall US business, 50% of the clients we brought on in 2014 were start-ups; this is up from 40% in 2013. There are several factors that have contributed to this, some that we cannot control, such as how the wider market performs. Institutional money coming back into the market is causing some of the start-up activity. Many of the start-ups we have been able to bring on were funded by larger institutions. HFM: How are today’s start-up funds different than those from five years ago?
If you live in the Northeast United States – anywhere from DC to Maine – you’re likely living through the Blizzard of 2015 right now. Snow and heavy winds are pounding the East Coast, with snow totals expected to exceed 2 to even 3 feet in many areas and wind gusts to reach hurricane strength.
During weather events such as this, it’s critical that firms take precautions to ensure that not only do their technologies work and their businesses remain operational, but that their employees are safe, connected and receiving constant communications. We’ve experienced many events such as this in recent years – Hurricane Sandy is probably the most memorable – but the Blizzard of 2015 is an important reminder to firms about employing comprehensive business continuity plans and disaster recovery systems.
Here are a few reminders to get your firm through this latest weather event:
Communicating effectively with your employees is especially critical before, during and after disasters and other weather events. Be sure to keep your employees in the loop on what’s happening and what’s expected of them. Should they work remotely in the event they can’t get to the office? Are non-essential personnel expected to use paid time off? When can they expect updated communications regarding next steps?
If your firm employs a comprehensive BCP, you’ve likely already shared regional Quick Reference Cards so your staff is aware of evacuation locations, remote access policies and instructions and other communication essentials.
According to the Center for Disease Control (CDC), "All national key flu indicators are elevated and about half of the country is experiencing high flu activity." So here are some tips to keep your firm operating smartly during flu season. Watch, read and learn.
Monitor the flu situation.
Get a flu shot.
Limit exposure to others if you have flu symptoms.
Limit onsite meetings.
Keep contact information current.
Review BCP and DR activation procedures.
Update employee DR materials.
Communicate flu policy.
Supply disinfecting wipes for all offices.
Stay home if you have the flu.
Contact us to discuss in more detail the role flu preparedness should play in your BCP.
Trying to avoid social media is increasingly futile, even for hedge funds. We live in a ‘sharing’ culture, so it’s time to embrace it and control (or at least contribute to) your online profile.
In its 2015 predictions article, third-party marketing firm Agecroft Partners listed increased social media usage by hedge fund managers and investors as a key trend, and here’s why:
“…Social media is being used for research, to build stronger relationships and help promote a firms’ brands in the market place. Some managers are also using it to promote their investment ideas in order to create a catalyst for a security. The most commonly used social media is LinkedIn, which is broadly used throughout the industry. In 2014, Twitter was used by many people in the industry for the first time and this is expected to increase in 2015. Finally, we are beginning to see some use in YouTube where organizations are creating videos that can be posted on websites, distributed through social media or emailed to a distribution group…”(Source: Top Hedge Fund Industry Trends for 2015 by Don Steinbrugge)
Getting the Basics Right: LinkedIn
If a hedge fund manager has time for only one social media outlet, LinkedIn is the one. Over 332 million people use LinkedIn, and new members join at a rate of 2 per second. Additionally, 40% of users check LinkedIn daily (source: Digital Marketing Ramblings).
And from a search perspective, your LinkedIn profile is almost guaranteed to come up on the first page of results for a Google search of your name. So let’s look at how hedge fund managers can enhance their LinkedIn profiles.
LinkedIn Profile Basics
You need a picture. People won’t take you seriously or want to connect with you if they can’t see what you look like. Plus, your profile is 11 times more likely to be viewed if you have a picture.
Write a summary. This is an open space that allows you to hone in on the key qualities, attributes and skills you want to highlight.
Include all (relevant) job experience. When you add your company, be sure it is linking to the firm’s LinkedIn page as this is an easy way to direct your connections back to your firm’s page after viewing your profile.
Add skills. From a personal brand perspective, adding skills is an easy way for people to find you.