Eze Castle Integration

Hedge IT Blog

SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered

By Mary Beth Hamilton,
Thursday, December 10th, 2015

Earlier this week we presented at a Wells Fargo Prime Services breakfast briefing on cybersecurity. During the discussion, Stuart Levi of Skadden reminded attendees that the SEC has clearly defined (and communicated) its cybersecurity expectations. He recapped the following six areas advisers must have covered to demonstrate preparedness to regulators.

1. Risk Assessments
2. Governance
3. Training
4. Access Control
5. Vendor Management
6. Information Sharing

Here's Eze Castle Integration's take on these focus areas:

#1 Risk Assessments

The April 2015 SEC Cybersecurity Guidance Update goes deeper into risk assessment expectations. Here are some key cyber risk assessment takeaways:

  • Define what confidential data is and determine how it's protected.

  • You must also understand where your data is located, how it is collected and who and what technology systems have access to it.

  • Registered investment advisers should have a clear understanding of the threat landscape, including potential internal and external risks as well as unique vulnerabilities specific to the firm. Evaluate a variety of potential scenarios as well as their likelihood of occurring.

  • Once firms understand the risks facing their organization, they must conduct assessments of the existing controls and processes to ensure they account for the risk landscape and put the appropriate safeguards in place.

  • Be sure to understand the potential impacts of various cyber risk scenarios and outline specific protocols for incident response and quick resolution. The impact of cybersecurity incidents can range from financial to technological to reputational.

  • Finally, testing and assessing the governance structure, including administrative and technical safeguards, is key to ensuring effectiveness.

#2 Governance

Gone are the days of management simply outsourcing responsibility to third-party experts and trusting them blindly. Telling the SEC, “we hired the best security consultant,” won’t cut it. Today management must understand their firm’s security posture and be able to outline the safeguards that are in place to minimize risk.

Additionally, management must instill the importance of security preparedness in all employees by making it a top-down priority.

Categorized under: Security  Launching A Hedge Fund  Hedge Fund Insiders  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



Putting the Smart in Smartphone Security: Six Consumer Tips

By Katie Sloane,
Thursday, December 10th, 2015

Mobile devices have transformed the way we manage our everyday lives, from tracking our bank accounts to interacting with friends and family to booking travel. Everything you need is at your fingertips, but are you taking the proper security measures to protect your device? Below are a few tips to help keep your smartphone’s data safe.

  1. Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.

  2. Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security. 

Categorized under: Security  Communications  Software  Trends We're Seeing 



A How-To Guide to Selling the Cloud to Your CFO

By Kaleigh Alessandro,
Tuesday, December 8th, 2015

If you’re one of the seemingly few firms that have yet to make the move to the cloud, it could be for a variety of reasons. Perhaps you want to maintain total control of your IT environment. Or maybe you’re waiting for a tech refresh to motivate you. Alternatively, it could be that you just haven’t made the proper case to management for switching to the cloud – and many times the one who really needs convincing is the Chief Financial Officer (CFO).
 
If you’re the Chief Technology Officer (CTO) or IT Manager, your responsibility is determining the infrastructure choices that are going to best suit operations at your firm. But those priorities may not line up exactly with those of the firm’s CFO. IT doesn’t always have insight into the financial ramifications of an operations decision of this magnitude. Instead they are typically focused on the other benefits including personnel reallocation, workflow efficiencies, etc.
 
The CFO, on the other hand, is ultimately tasked with ensuring the company’s financial decisions are appropriate, and therefore, it’s often advantageous to at least attempt to speak his/her language when pushing for an IT change.

Categorized under: Cloud Computing  Hedge Fund Operations  Outsourcing  Trends We're Seeing 



New FINRA Rule Has Firms Facing Mandatory Business Continuity and DR Tests

By Matthew Donahue, CBCP,
Thursday, December 3rd, 2015

The Financial Industry Regulatory Authority (FINRA) recently issued a notice that it has filed a rule that became effective on November 30, 2015. This rule, known as Rule 4380, grants FINRA the authority to designate member firms to participate in FINRA’s annual Business Continuity/DR Testing under Regulation Systems Compliance and Integrity (SCI).

Background
Regulation SCI was adopted by the Securities and Exchange Commission (SEC) in November of 2014 and set out specific requirements for FINRA to “establish, maintain, and enforce written policies and procedures that address, among other things, business continuity and disaster recovery.” As part of that, FINRA must designate firms to participate in testing of its BC/DR plans. The SEC's adoption of SCI can be tied to experiences such as Superstorm Sandy, which caused the securities market to close for two days.
 
FINRA Notification Process and Designation Criteria
FINRA will privately notify firms that meet the standards for designation. This will happen at least 90 days prior to the testing date. For the most part, the designation criteria are based on volume of activity over a specified time period. For the most part, this equates to about 5-9 firms designated per system.

The following table provides details on the criteria designations.

Categorized under: Launching A Hedge Fund 



Four Smart Hedge Fund Technology Resolutions for 2016

By Mary Beth Hamilton,
Tuesday, December 1st, 2015

A new year, which is just around the corner, brings us endless opportunities to improve. So here’s a list of the top 4 IT resolutions that will help keep your hedge fund safe and sound in 2016.

 

Categorized under: Cloud Computing  Launching A Hedge Fund  Hedge Fund Insiders  Security  Disaster Recovery  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 



10 Tech Holiday Travel Tips to Keep You and Your Data Safe

By Katie Sloane,
Tuesday, November 24th, 2015

Traveling with electronic devices puts personal and critical business information at risk. As we embark on the busy holiday travel season, we decided to share some useful tips to help prevent your data and devices from falling into the wrong hands. Here are our top 10:

  1. Back up Your Data Before You Leave: Prior to traveling, back up data that is stored on your device(s) onto media that will not be taken with you on your travels, for example a storage card, the cloud, or a computer that you are not bringing on your trip. Furthermore, ensure you do not have social security numbers, passwords, credit card information and other sensitive data stored on your devices. If you do, save this information in a more secure place and remove it from your portable devices.

  2. Travel Light: If you do not need it, do not bring it on your trip. Only devices that are necessary should accompany you while traveling.

Categorized under: Security  Communications  Software  Trends We're Seeing 



Acceptable Use Policy: A Recipe for Success

By Mary Beth Hamilton,
Thursday, November 19th, 2015

Here at Eze Castle Integration we have a pantry full of thoughtful policies that help ensure we keep everything in tip-top shape.  In past Hedge IT articles, we’ve shared our recipes for creating security incident policies, BYOD policies and social media policies.
 
Today, we are going to share our recipe for creating an Acceptable Use Policy, which governs how a company and its employees use computing resources. The SANS Institute, which has policy templates galore, also has an Acceptable Use Policy template that you can find HERE and is the foundation for our award-winning recipe.
 
First, define the purpose and scope of your policy by answering questions including:

  • Why are the rules in place (e.g., to protect the firm from virus attacks, compromise of the computing network, etc.)?

  • Who does the policy apply to (e.g., employees, consultants, contractors, etc.)?

Categorized under: Trends We're Seeing  Security  Hedge Fund Operations 



Why Should I Choose Private Cloud Services Over Free File Sharing Services or Public Cloud Tools?

By Eze Castle Integration,
Tuesday, November 17th, 2015

Public cloud tools and free file sharing services are wholly owned and managed by third-party providers. Because infrastructure costs are spread across all users who are employing the service, each individual client is able to operate at a low cost. Public cloud tools are typically larger in scale than private enterprise clouds, which provide users with seamless, on-demand scalability.
 
These factors may seem to support the belief that public clouds and free file sharing services would suffice for a business’s basic infrastructure and file sharing needs. However, upon closer examination, it is clear that there are a number of areas in which these tools fall drastically short of meeting the crucial business needs of investment management firms.

Categorized under: Cloud Computing  Disaster Recovery  Hedge Fund Operations 



Think Your Password is Safe and Original? Here's Some Password Best Practices

By Mary Beth Hamilton,
Thursday, November 12th, 2015

Is your password “123456” or just plain old “password”? If so, you’re not alone. When media company Gawker Media’s million-plus user database was compromised by hackers, the passwords of nearly 200,000 users were decoded and made public. Of those exposed, over 3,000 people used the password “123456” and nearly 2,000 were using “password” as their password.

Think your name is an original password? Apparently lots of Michelles and Jennifers did, because those made the most common password list as well. Check out the complete list to see if you have a popular password.

This past weekend on the dark web, hackers were offering to sell 590,000 Comcast email addresses and associated passwords. Of those, Comcast verified that 200,000 accounts were still active and had the account owners reset their passwords. According to CNET, hackers didn't breach Comcast's computers to steal the information. "Instead, they created their list of passwords with information stolen from [people across the web]." Hackers are skilled at tricking individuals into sharing their passwords. Then, since people often use the same password for multiple sites, the hackers have gold.

Gawker and Comcast being hacked are yet more reminders of the importance of having strong passwords and updating them regularly, especially in the hedge fund and investment management industry. Here are some tips to create safe passwords and keep them safe:

  • First off, passwords are essential but simply having one isn’t enough. Remind users not to leave passwords on sticky notes or under their keyboards. One way to remember a new password is to use it immediately and often.

Categorized under: Security  Trends We're Seeing 



Why Start-Up Fund Managers and Private Equity Firms Need a Website

By Frank Serebrin, InCapital Marketing (guest contributor),
Wednesday, November 11th, 2015

This post was contributed by Frank Serebrin, president and founder of InCapital Marketing.

If you don’t have a website, you don’t exist.
 
That’s the takeaway from…well, I can’t cite a study, but it’s my opinion.

Less than a generation ago, few businesses would consider not having their phone number published in the yellow pages. (Remember them?) Today, search engines have replaced phone books as the place most go for research and information. How can your potential new clients search you if you don’t have a website or social media presence?
 
Yet fifty-five percent of small businesses don't have a website, according to a 2013 survey of more than 3,800 small businesses conducted by Google. That's a slight improvement from the year before, when 58 percent said they didn't have a website.
 
You may think of yourself as a start-up hedge fund manager, or a Registered Investment Advisor, or a real estate private equity manager. And you’re still also a small business, too, at least as defined by the SBA.
 
Here are ten reasons why you may not have a site yet, and what you may do to correct the oversight:

1. I Don't Have the Time

Is this you? "I'm too busy trading…I’m on the road making sales calls…my partners and I have full time corporate jobs, too.” With all the demands on your time, a website can help sell your story while you build relationships and multi-task.

2. There’s No Money in the Budget

Is it that you don't have the money, or you haven’t figured out what your marketing budget should be? As a start-up, your focus might understandably be on the legal costs of a private placement memorandum, and administrative, accounting, technology, trading, office space, and sales expenses.
 
How much capital are you looking to raise, and in what period of time? Is it $25 million? $50 million? $250 million or more? And you want to raise that from professional and sophisticated investors without the credibility of a website?

Categorized under: Launching A Hedge Fund  Hedge Fund Operations  Communications  Trends We're Seeing 


