With a new year brings new excitement and new ambition. Across the hedge fund and alternative investment industry, firms are devising new strategies and implementing plans to drive growth and increase returns. In 2016, we expect the following industry trends will play a role in shaping many of the decisions hedge funds and other investment management firms make.
Hedge Fund Cybersecurity 2.0
Last year, cybersecurity took center stage across the investment community, and there is little doubt that it will continue to dominate in 2016. If we can assume that firms used 2015 to shore up security practices and have, at minimum, established a baseline for protecting firm assets with firewalls, password protections and penetration testing, we can expect 2016 to take cyber preparedness to the next level in the form of advanced features and analytics including phishing and social engineering tests, designed to increase the level of preparedness held by firm employees. With cyber-attacks increasing in sophistication, firms will need to spend time in 2016 working with managed providers and internal IT teams to continue the education process and identify strategies to outsmart hackers.
Happy New Year! Here at Hedge IT, we’re looking forward to sharing more educational articles with you in 2016, but before we do, let’s take a look back at our readers’ favorite articles from last year.
Cybersecurity Regulations Take Center Stage
The Securities and Exchange Commission took major strides to regulate investment firm cybersecurity practices in 2015, with the release of multiple guidance updates (Click for the September 2015 update). At a high level, the SEC has identified the following six areas as paramount for investment firms to demonstrate preparedness:
In December 2015, we participated in a Wells Fargo Prime Services cybersecurity event and the panelists outlined everything your hedge fund needs to know about the SEC’s security expectations. Read “SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered” for the full scoop.
It's been a remarkable and evolutionary year for the hedge fund industry, and it's hard to believe it's coming to a close. As we wrap up these final moments in 2015, we'd like to wish everyone a happy New Year! We look forward to seeing you in 2016.
If you’re a loyal Hedge IT reader, you may remember we highlighted a few simple dos and don’ts that, when utilized, can go a long way in shoring up your firm’s security. To make it easy, we’ve put these tips together into a video. Take a look below and discover a vast range of security tips and tricks from email encryption to proper security measures for protecting computers and mobile devices.
With the holiday season upon us, we'd like to wish all of our clients, partners, friends and colleagues Happy Holidays and a healthy, successful 2016!
Click below to view our 2016 holiday e-card.
Categorized under: Eze Castle Milestones
Welcome back for our monthly Eze Tech Tips Video.
2016 is just around the corner, which means we’re entering resolution time and the hedge fund launch season. So, here’s our list of the top four hedge fund IT mistakes you need to resolve not to make in 2016.
Times have changed. There is little doubt that the hedge fund industry has evolved in recent years with the rise of new regulations, the wide spread adoption of cloud services and deep focus on cybersecurity risks. These changes have affected the way many firms do business on both operational and technology levels.
But what effect do these changes have for the person responsible for technology at a hedge fund or investment firm? As a Chief Technology Officer (or comparable role: Director of IT, Chief Information Officer, etc.), one has historically been responsible for day-to-day IT functions and routine technology refreshes. But as the industry has experienced rapid change over the last several years, so too have the CTOs and their responsibilities.
Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.
It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.
A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying cybersecurity policies and procedures.At Eze Castle, we frequently assist our hedge fund clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.
Earlier this week we presented at a Wells Fargo Prime Services breakfast briefing on cybersecurity. During the discussion, Stuart Levi of Skadden reminded attendees that the SEC has clearly defined (and communicated) its cybersecurity expectations. He recapped the following six areas advisers must have covered to demonstrate preparedness to regulators.
1. Risk Assessments
4. Access Control
5. Vendor Management
6. Information Sharing
Here's Eze Castle Integration's take on these focus areas:
#1 Risk Assessments
The April 2015 SEC Cybersecurity Guidance Update goes deeper into risk assessments expectations. Here are some key cyber risk assessment takeaways:
Define what confidential data is and determine how it's protected.
You must also understand where your data is located, how it is collected and who and what technology systems have access to it.
Registered investment advisers should have a clear understanding of the threat landscape, including potential internal and external risks as well as unique vulnerabilities specific to the firm. Evaluate a variety of potential scenarios as well as their likelihood to occur.
Once firms understand the risks facing their organization, they must conduct assessments of the existing controls and processes to ensure they account for the risk landscape and put the appropriate safeguards in place.
Be sure to understand the potential impacts of various cyber risk scenarios and outline specific protocols for incident response and quick resolution. The impact of cybersecurity incidents can range from financial to technological to reputational.
Finally, testing and assessing the governance structure, including administrative and technical safeguards, is key to ensuring effectiveness.
Gone are the days of management simply outsourcing responsibility to third-party experts and trusting them blindly. Telling the SEC, “we hired the best security consultant,” won’t cut it. Today management must understand their firm’s security posture and be able to outline the safeguards that are in place to minimize risk.
Additionally, management must instill the importance of security preparedness in all employees by making it a top-down priority.
Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measurements to protect your device? Below are a few tips to help keep your smartphone’s data safe.
Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log-in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.
Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security.