Extended power outages and blackouts have the potential to impact not only businesses but also our personal lives. Without electrical power, some business functions may cease entirely, resulting in the loss of valuable data and production time.
With hurricane season here and Tropical Storm Cristobal brewing in the Atlantic, we are running a two-part series contributed by one of our Business Continuity Experts here at Eze Castle Integration – Matt Donahue.
In today’s article Matt looks at the steps or actions investment firms and other businesses can follow in order to mitigate, prepare, respond, and recover from an extended outage or blackout. Then Thursday’s article will focus on these same topics but for individuals.
21 Tips to Prepare Your Business
During an outage, investment firms risk data losses, logistical issues and unfavorable or impossible working conditions. Heavy reliance on technology items, IT systems and software can put businesses in a difficult situation during an outage, especially if they have not pre-planned or completed a Business Continuity Plan (BCP). Other mitigation activities, such as purchasing alternative or backup power sources like batteries or generators, are good ways to ensure power for essential items.
Here are some other helpful steps and precautions investment firms should consider.
If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.
Under the Radar: Low Security
If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take an “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.
Unless you've been living under a rock for the last few weeks, you've probably seen a slew of videos on your Facebook or Instagram news feeds featuring your friends and family members dumping buckets of ice over their heads. To what end?
The Ice Bucket Challenge is sweeping the nation and simultaneously raising awareness and money for amyotrophic lateral sclerosis (ALS) – also known as Lou Gehrig’s disease. Pete Frates, a 29-year-old Boston-area man and former baseball captain at Boston College, is credited with leading the charge and challenging his friends to pour ice over their heads. The challenge took off in the Boston area and quickly went viral across the country and even globally. Celebrities are now accepting the challenge as well – and everyone from Justin Timberlake to Taylor Swift to Mark Zuckerberg has participated.
But beyond filling your news feeds with entertaining videos, the ALS Ice Bucket Challenge is also succeeding at spurring significant donations. As of this week, the ALS Association said it has received $15.6 million in donations since July 29 – compared with just $1.8 million during the same time period last year. We noticed many of our employees here at Eze Castle Integration were brave enough to accept the challenge, and we applaud them for raising awareness for such a worthy cause. We’ve created a short compilation below to highlight some of our amazing employees as they take the ALS Ice Bucket Challenge.
Mobile devices have transformed the way we manage our everyday lives: from how we track our bank accounts, to interacting with friends and family, to booking travel, and so on. Everything you need is at your fingertips, but are you taking the proper security measures to protect your device? Below are a few tips to help keep your smartphone’s data safe.
Set a Password: When you do not set a password to lock your phone, anyone who obtains possession of the device has instant access to all of your apps that automatically log in upon launching. This is a simple security measure to take and yet, according to Consumer Reports' annual State of the Net Survey, only 36 percent of smartphone owners have a passcode. From a business use perspective, any device that accesses corporate email or networks should have a complex password and be managed by mobile device management tools such as AirWatch or Good Technology.
Mobile Security Apps: Looking to the future, we expect the adoption of mobile device security apps that provide antivirus, privacy and anti-malware protection to increase. And for good reason. According to the June 2014 McAfee Labs Threat Report, mobile malware has increased by 167 percent in the past year alone. Companies, such as AirWatch, aim to ensure your enterprise mobility deployment is secure and corporate information is protected with end-to-end security.
Voice over IP has come a long way especially in the business world, but many investment firms still have hesitations about making the switch. In honor of our recently enhanced Eze Voice service, which runs over the Eze Private Cloud Network, we decided to tackle five common myths about Voice over IP.
MYTH 1: Poor Call Quality – Everyone will know I’m on VoIP
Call quality is a key concern and can be impacted by a number of items including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.
When evaluating VoIP services, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.
MYTH 2: VoIP is Unreliable – I’ll Experience Downtime
A natural extension of the call quality concern is the reliability concern. While consumer-grade VoIP services work over the Internet to deliver low-cost services, business-grade VoIP services often use the Internet as a backup and have private IP point-to-point lines for primary connections. If Internet is the primary transit, be sure you are working with a VoIP provider who manages the entire network and has control over traffic prioritization. In most cases you want to ensure voice traffic takes precedence over data or travels on a different network.
Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.
In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching a guidance consultation on social media usage. As evidenced by FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks.
“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry.”
The last five years have seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry, but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.
In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.
In today’s blog article we will take a look at some of the key guidelines covered in the guide:
The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution and established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.
If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.
The Business Case for the Cloud: Why Established Firms are Making the Move
Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.
We’ve seen the face of the financial services industry change dramatically over the last few years, with emerging technologies, investor transparency demands and growing competition fueling firms to assess their operations and focus on the health and success of the overall business. But perhaps beyond any of these trends, the focus on industry regulations and compliance efforts may be the most significant in changing the way financial services firms do business.
This year alone, we’ve seen regulatory initiatives dominate headlines and leave firms scrambling to comply, notably the SEC’s cybersecurity guidelines released this spring and the official implementation of the Alternative Investment Managers Fund Directive (AIFMD), which went into effect last week. Also becoming official this month is the Foreign Account Tax Compliance Act, or FATCA, which requires U.S. persons to report financial accounts held outside of the United States and financial institutions (notably banks) to report foreign financial accounts and clients who hold foreign assets.
To identify non-compliance, the Internal Revenue Service is requiring financial institutions with foreign entities and foreign financial institutions (FFIs) to disclose information about U.S. clients with balances over $50,000. The law threatens a steep 30 percent withholding tax on payments for non-compliant FFIs.
There is also a significant cost for firms to implement compliance procedures and reporting standards to meet the legislative requirements of FATCA. It is reported that implementation costs average between $100,000 and $500,000 depending on firm size and are expected to amount to roughly $8 billion USD a year for financial institutions alone (not including costs to the private sector, IRS and foreign entities).
Your hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
There are a few different scenarios that warrant secure data destruction maneuvers:
Changing service providers
Retiring a service/product
Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.