Many years ago, business continuity plans were a nice-to-have feature for investment management firms. Only the largest and wealthiest firms employed them. In today's landscape, however, investors and regulators alike expect and demand that firms implement preparedness plans for disasters and cyber-attacks. BCP plans, therefore, are no longer optional.
The key to a successful business continuity plan lies in understanding the impact a disaster situation could have on a business and creating policies to respond to any such impact. Here are the five key steps to this plan:
We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.
Lock your computer and mobile phone(s) when you leave your desk and/or office
Use care when entering passwords in front of others
Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)
With a new year brings new excitement and new ambition. Across the hedge fund and alternative investment industry, firms are devising new strategies and implementing plans to drive growth and increase returns. In 2016, we expect the following industry trends will play a role in shaping many of the decisions hedge funds and other investment management firms make.
Hedge Fund Cybersecurity 2.0
Last year, cybersecurity took center stage across the investment community, and there is little doubt that it will continue to dominate in 2016. If we can assume that firms used 2015 to shore up security practices and have, at minimum, established a baseline for protecting firm assets with firewalls, password protections and penetration testing, we can expect 2016 to take cyber preparedness to the next level in the form of advanced features and analytics including phishing and social engineering tests, designed to increase the level of preparedness held by firm employees. With cyber-attacks increasing in sophistication, firms will need to spend time in 2016 working with managed providers and internal IT teams to continue the education process and identify strategies to outsmart hackers.
Happy New Year! Here at Hedge IT, we’re looking forward to sharing more educational articles with you in 2016, but before we do, let’s take a look back at our readers’ favorite articles from last year.
Cybersecurity Regulations Take Center Stage
The Securities and Exchange Commission took major strides to regulate investment firm cybersecurity practices in 2015, with the release of multiple guidance updates (Click for the September 2015 update). At a high level, the SEC has identified the following six areas as paramount for investment firms to demonstrate preparedness:
In December 2015, we participated in a Wells Fargo Prime Services cybersecurity event and the panelists outlined everything your hedge fund needs to know about the SEC’s security expectations. Read “SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered” for the full scoop.
It's been a remarkable and evolutionary year for the hedge fund industry, and it's hard to believe it's coming to a close. As we wrap up these final moments in 2015, we'd like to wish everyone a happy New Year! We look forward to seeing you in 2016.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
With the holiday season upon us, we'd like to wish all of our clients, partners, friends and colleagues Happy Holidays and a healthy, successful 2016!
Click below to view our 2016 holiday e-card.
Categorized under: Eze Castle Milestones
Welcome back for our monthly Eze Tech Tips Video.
2016 is just around the corner, which means we’re entering resolution time and the hedge fund launch season. So, here’s our list of the top four hedge fund IT mistakes you need to resolve not to make in 2016.
Times have changed. There is little doubt that the hedge fund industry has evolved in recent years with the rise of new regulations, the wide spread adoption of cloud services and deep focus on cybersecurity risks. These changes have affected the way many firms do business on both operational and technology levels.
But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities.
Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.
It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.
A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying cybersecurity policies and procedures.At Eze Castle, we frequently assist our hedge fund clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.