Cybersecurity Threats: Is Your Investment Firm Protected?
As you have probably heard, a number of international organizations have become victims of cyber hacking in recent years. You may remember the names of firms such as DLA Piper and Mossack Fonseca for being under international scrutiny after falling victim to malicious, highly damaging cyber-attacks. WannaCry and Equifax are still filling headlines. Firms must invest time and money if they are to keep up with new threats in the landscape and update defense practices accordingly.
Is your firm at risk?
In short, the answer is yes. Anyone can be at risk these days. Buidling a proper human firewall, incident response plan, and ensuring your files are backed up can mitigate risks.
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
What types of information are hackers after?
Hackers infiltrate corporate technology environments for a variety of reasons. In the retail arena the perpetrator may be seeking customer data such as credit card information or social security numbers. In the investment industry, it is more likely that a hacker will attempt to steal information on a firm’s intellectual property, such as business plans, trading programs, market forecasts and investment strategies.
Hackers are getting smarter. In order to gain access to the data, hackers may employ a number of different infiltration tactics such as phishing emails, spear phishing, money wires, etc. For instance, email systems could be hacked such that the perpetrator is able to view confidential messages being sent between employees internally. He or she may also attempt to interrupt Internet connectivity or tamper with important business applications.
What can be done to protect investment firms from this type of cyber crime?
While it is nearly impossible to guarantee that your firm is impenetrable to hackers, there are a number of actions that can be taken to greatly decrease cyber security vulnerabilities. First and foremost, funds should evaluate internal policies and procedures to ensure that standard precautions such as password protection, email encryption, up-to-date antivirus software, and physical security measures are in place. Arguably, human error is the weakest link in the security chain of any organization. Building up the human firewall within your organization will help avoid getting ‘hooked’ by hackers.
In order to better mitigate all of the above risks we’ve mentioned, your firm can leverage the expertise of a third-party technology provider. By placing the burden of risk on an outsourced provider, you free up your firm’s resources for other projects – whether they be IT or investment focused. Whether its project-by-project or on a part- or full-time basis, your outsourced IT provider can offer a vast array of services and solutions designed to meet your firms unique needs – and, of course, to reduce your firm's inherent risk.
Interested in learning more about information security and how to keep your firm’s data protected?
Learn more about the security layers your firm should implement to mitigate the technology risk for your firm.