Network Security Threats & Best Practices for Hedge Funds
As part of our ongoing thought leadership, we often host educational webinars on a variety of topics relevant to hedge fund operations and technology. For our most recent webinar, we decided to dive deeper into the topic of security, as it still remains one of the biggest priorities and concerns for hedge funds.
Speaking on the webinar were two great security experts: Steve McGeown, VP of Marketing and Product Management at eSentire, and Steve Schoener, VP of Client Technology here at Eze Castle Integration.
Below is a short summary of the key points addressed by our expert speakers.
Why are Hedge Funds at Risk?
The truth is that there is a lot of animosity towards firms on Wall Street, and this distaste has spurred the increase in potential threats to hedge funds and investment firms. Since the US recession began in 2008, people have been looking for someone to blame, and oftentimes that blame has been placed on hedge funds. In some cases, hackers or “hactivists” are merely looking to steal information, and in other cases, they may be looking to tarnish and take down funds that they believe are responsible for our current economic state. Hackers have stepped up their games and even made a point to target specific firms in order to seek revenge.
In addition to external threats, some of the biggest risks to your company may be located internally. One example that eSentire's Steve McGeown provided of this was an instance in which a company’s employee was caught downloading an entire CRM database onto her personal Gmail account. Instances like this are prime examples of how important it is to maintain strict internal policies and procedures to keep your firm’s information safe at all times. (We’ll be dedicating an entire blog article to this topic next Thursday, 5/17, so be sure to come back then!).
Hedge Fund Security Best Practices
Hedge funds and investment firms may be easy targets for hactivists, but with proper policies and procedures in place, firms can ensure their sensitive data and information doesn’t fall into the wrong hands. On the most basic level, firms should employ anti-virus software and network firewalls to minimize the amount of traffic into the firm’s network. To take things a step further, firms can utilize systems like intrusion detection to more accurately and aggressively monitor inbound threats.
Having the right systems in place can only get you so far. Your firm also needs to underscore the importance of security by maintaining strict policies that outline acceptable behavior and security best practices.
Following are a few policies we recommend your firm employ:
Access Control Policy: Provides direction for managing and granting access to information systems
Acceptable Use Policy: Outlines acceptable use of Internet/Extranet/Social Media/etc.
Incident Response Management Policy: Outlines the requirements and procedures for dealing with an information security breach or incident
Personal Communications Device Policy: Describes requirements for use of personal communication devices
Also, be sure to check out these articles: