Spam is essentially a term used to describe emails that make their way into a recipient’s inbox without their consent. According tothe Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), almost 90% of all email is considered spam. Due to this shocking number, spam filters are widely used to assist users in keeping tabs on emails that are actually relevant. How do these spam filters work? We don’t know a lot about the algorithms used to operate them, and that’s probably a good thing. With that type of information floating throughout the web, spammers would be able to easily beat these filters, and we’d see cluttered inboxes everywhere. But despite our lack of knowledge on the intricacies of spam filters, there are a few red flags to avoid and best practices to adopt to keep genuine emails from entering total oblivion.
How Spam Filters Work
As mentioned, no one can be 100% certain how a spam filter flags an email, as they use many different benchmarks to judge an incoming message. A few hallmarks include:
IP Address – If your IP address has been flagged for sending spam in the past, it will impact the deliverability of your mail. This extends to your ISP as well. Where some ISPs attempt to eliminate spam from their servers, some take a more relaxed approach to spam.
What The Email Looks Like – Filters will look at the subject line and body of an email. If the filter deems either of the two to resemble spam, then your email likely won’t make it into someone’s inbox. Words and phrases such as “free” & “buy now” are often cited as trigger words.
Code – An innocent mistake many users make is using text formatted from Microsoft Office applications. Unfortunately, this creates rather messy HTML code with unnecessary lines of coding.
With threats of data loss increasing in both numbers and severity, it is no surprise that data security is on everyone’s mind within the financial and investment industry. Regulatory agencies and investors now expect businesses to have backup solutions and comprehensive record-keeping practices. Understanding the need and importance of implementing a backup solution can add instrumental value to your business.
We at Eze Castle Integration have identified the top four reasons why backups are critical to not only a firm’s growth, but also their survival.
1. Regulatory agencies demand security of financial records.
The Securities and Exchange Commission (SEC) has instituted regulations on the storage of financial records and electronic communication, and financial industry regulatory agencies such as FINRA now provide standards and guidance information on potential threats. In addition, international regulators such as the FCA, a financial regulatory body in the United Kingdom, are also demanding firms to have a data backup solution.
The reasoning behind these recommendations is the volume of things that can go wrong with your data storage solution. From hardware failure, software corruption, virus or network security breaches, to natural disasters and human error, the threat to your data is endless. With today’s financial services companies managing exponentially growing volumes of sensitive data, the risk of loss grows as well.
The cyber insurance industry is growing at a rapid pace as firms look to implement safeguards to protect sensitive data and financial information from ending up in the wrong hands. As hackers become savvier and cyber schemes more elaborate, many firms are relying on cyber liability policies to add an extra layer of protection.
In some cases, however, insurance coverage has not satisfied the demands of firms and instead left them feeling scammed a second time.
One example of this comes from Texas where a manufacturing firm is suing their cyber insurance provider for refusing to cover a loss that came at the hands of a phishing scheme. According to the provider, the loss – of $480,000 – did not meet the specific criteria needed for a successful claim.
Situations like these are reminders for Chief Financial Officers and Risk Officers to carefully comb their cyber insurance policies to gain a comprehensive understanding of what exactly is covered – and what is not.
Our friends at Willis Holdings Inc. work with investment firms regularly to craft cyber liability policies and provided their take on the insurance landscape as part of our Hedge Fund Insiders Article Series:
BY: John Mullen and Jennifer Coughlin, Lewis Brisbois Bisgaard & Smith, and Talene Megerian and Kristin Zieser, Willis FINEX Claims & Legal Group
The Cyber risk landscape is rapidly evolving. Governments are facing an unprecedented level of Cyber attacks and threats with the potential to undermine national security and critical infrastructure. Similarly, businesses across a wide range of industry sectors, particularly those in the health care, retail and financial services industries1, are exposed to potentially enormous liability and costs as a result of Cyber incidents and data breaches.
Given the risk landscape, it is no wonder companies of all sizes continue to be subject to increasing data breach liability, both in the form of single plaintiff or class action lawsuits and regulatory investigations and proceedings. Negligence, breach of fiduciary duty and breach of contract are just some of the allegations that a company may face as a result of a systems failure or lax security that compromises the security of customers’ personal information or data.
In an interconnected world, social platforms such as Facebook, have evolved into components of our everyday lives. Real-time updates keep us in the loop with popular events, friends, “liked” company pages, the latest apps and so on. Behavior quizzes offer entertainment to discover your celebrity and fairytale doppelgängers, or breakfast food and ice cream personality matches. To partake in this social extravaganza, we hand over our personal information freely, forgetting its value somewhere between each hashtag and viral post.
It seems that every hour emerging innovations and dynamic social platforms open the threshold of new opportunities to share and attain information. Typical data requested from social sites may include your full name, age, sex, birthday, relatives, photos, account access, etc. However, what most people don’t realize while tuning out to plug in our witty social facts, is the depth of personal data they’re unwittingly dispensing to persons, companies and third parties unknown.
When it comes to social media engines, when did people become the mindless machines pumping out sensitive information?
The winter season has officially greeted the East Coast with the first major storm of 2016, Storm Jonas. Jonas produced historic amounts of snow in many East Coast states setting records for all-time heaviest snowstorm at two prominent New York airports, JFK (30.5 inches) and LaGuardia (27.9inches). With these unprecedented levels of snow, New York City was forced to halt public transportation and implemented a mandatory restriction on private transportation as well. Jonas proved to be kind in the fact that the majority of the impact fell on the weekend but many firms can recall more disruptive storms occurring during regular business hours leaving many employees feeling stranded. To alleviate the stress incurred during winter storms, we sat down with our own Business Continuity Analyst, Matt Donahue, who creates, writes, and audits hedge fund’s business continuity plans. Matt spoke with us about different BCP scenarios and provided tips to keep your firm operational during the worst of storms.
Rather watch a video? Scroll down or click here to see Matt’s 15-min Q&A on winter weather prep.
There has been a lot of talk recently on the West Coast about El Niño and its potential impact. Apart from a 1997 Saturday Night Live sketch featuring Chris Farley (do yourself a favor and look it up on YouTube), I realized I needed a refresher on what exactly El Niño is and what its potential impacts could be on regions across the U.S..
According to the National Oceanic and Atmospheric Administration (NOAA), El Niño conditions occur when abnormally warm waters accumulate in tropical latitudes of the central and eastern Pacific Ocean. Consequently, tropical rains that usually fall over Indonesia shift eastward. During El Niño winters, northwestern North America is more likely to experience warmer-than-average temperatures, and the southeastern U.S. is more likely to receive rain.
Of course, this should not be confused with La Niña.
In today’s competitive market, research management software (RMS) has become a must-have integrated feature for investment management firms. Significant benefits offered via RMS have caused a ripple effect of soaring adoption rates across the global investment industry. In this article we’ll examine how adopting a research management solution could benefit your firm.
With offices, colleagues and clients spread across the world, firms need to consolidate data in an organized fashion. From meeting and call notes, to audits and analyst reports, the demand for readily accessible information is ever burgeoning. Storing information within multiple programs and folders not only welcomes disorder and the opportunity for digression in the workplace, but also increases costs and wastes valuable time. This prehistoric method of aggregating data has been replaced with advanced RMS, a much more viable, flexible and comprehensive solution. Hosting a firm’s data within a user-friendly, central repository simplifies processes, optimizes productivity and uncovers new business opportunities. When selecting a RMS, managers may consider a generic or industry-specific product. While both options present benefits, the latter assimilates seamlessly with an investment firm’s daily workflows, terminology and diverse range of data. An ideal RMS will also offer customization, accessibility and integrate with other applications, such as Outlook.
On December 9, 2015, Wells Fargo Prime Services and Eze Castle Integration hosted a panel on cybersecurity to discuss the current landscape. The panel featured leading industry experts including:
Eldon Sprickerhoff, Founder & Chief Security Strategist, eSentire
Stuart Levi, Partner, New York, Skadden, Arps, Slate, Meagher & Flom LLP
Vinod Paul, Managing Director, Eze Castle Integration
Timothy O’Brien, Supervisory Special Agent, Cyber branch, Federal Bureau of Investigation – New York Office.
Marc P. Berger, Partner, Government Enforcement, Ropes & Gray LLP
Marc Berger’s opening statements emphasized the extent of the cybersecurity threat currently facing firms across a wide swath of industries. He quoted FBI Director James Comey, who stated: “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked ….” (FBI Director James B. Comey, 60 Minutes, CBS TV Interview, October 5, 2014). Alarming statistics from the Ponemon Institute’s 2015 Cost of Cyber Crime Study, conducted with HP Enterprise Security, found that the average cost to resolve a single cybersecurity incident is $1.9M, and the average time to resolve is 46 days. Perpetrators range from nation-state-sponsored hackers and disgruntled/rogue employees to organized crime units, activists, and other thieves.
Many years ago, business continuity plans were a nice-to-have feature for investment management firms. Only the largest and wealthiest firms employed them. In today's landscape, however, investors and regulators alike expect and demand that firms implement preparedness plans for disasters and cyber-attacks. BCP plans, therefore, are no longer optional.
The key to a successful business continuity plan lies in understanding the impact a disaster situation could have on a business and creating policies to respond to any such impact. Here are the five key steps to this plan:
We spend a lot of time educating our clients about security best practices and encouraging them to implement comprehensive security policies and procedures to mitigate risk and protect both the firm and its employees. And for good reason. Data breaches continue to wreak havoc for businesses, and the cost is steadily rising. According to the Ponemon Institute, the total average cost of a data breach is now $3.8 million, up from $3.5 million in 2014.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. In addition to providing employees with security best practices they should follow, don’t forget to also include a list of actions they should not. Here are just a few pieces of advice we regularly offer our investment firm clients. You can download our full IT Security Dos & Don'ts eBook by clicking here.
Lock your computer and mobile phone(s) when you leave your desk and/or office
Use care when entering passwords in front of others
Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)