Hedge Fund Security Part 1: Six Basic but Overlooked Security Practices
In today’s world, every company must have a well thought-out security posture to protect it from internal and external threats. From perimeter security to desktop anti-virus software, most investment firms have technology in place to protect their critical information from intrusion. However, significant vulnerabilities still exist in many companies today from simple physical security, which may or may not be technology related. This three part series will take a look at some common threats to security as well as some ways to protect your data from intrusion.
Since we can all use a refresher from time-to-time, we’ll start with a Top Six list of fundamental security best practices:
1. Passwords are essential but simply having one isn’t enough. Remind users not to leave passwords on sticky notes or under their keyboards. One way to remember a new password is to use it immediately and often. Also, don’t change a password before leaving on vacation or on a Friday, as you’re more likely to forget it when you return to work.
2. Create strong passwords. A good password is easy for a user to remember but hard for someone to guess, which may sound easier said than done. Think about substituting letters for numbers and vice versa. Also, be sure to change your password often. We recommend changing a password every 30- 90 days. Many of our clients already have automated procedures in place to enforce this policy.
3. Remember to lock the doors. Propping open a door to expedite FedEx deliveries or get fresh air is fine, but keep an eye on who uses the door and be sure to make sure it is locked before leaving for the day and when the front desk is not staffed.
4. Laptops are easy prey while traveling. A recent survey by market researcher Enterprise Strategy Group found that 68 percent of computer administrators believe laptops represent the biggest risk for the loss of confidential information. About 97 percent of stolen computers are never recovered, according to the FBI. The latest designer bag is the first tip-off to a would-be thief. Also, do not leave your laptop unattended while in an airport, hotel, or conference.
5. Add local security measures. Further security measures can be taken locally on laptops through the use of portable physical locking mechanisms, active directory, biometrics, and encryption. Local encryption software has become increasingly accessible in recent years, through open source vendors such as TrueCrypt, which provide automated, real-time data encryption that can help protect your information even if your laptop is lost or stolen.
6. PDAs need protection too. Just as laptops require passwords, so do PDAs. Not only do BlackBerrys and other personal devices carry company confidential information, they also provide access into a company’s corporate network. It only takes a few minutes for an intruder to disrupt a company’s operations or steal sensitive information. Eze Castle Integration can create automated policies to enforce passwords on these devices similar to workstation-based enforcement.
These are a few helpful reminders to ensure that your data is secure from internal and external threats. Next up:
Eze Castle Integration strives to create both technologically and physically secure environments for our clients. Security policy and procedure review is an important part of ongoing maintenance for any IT environment. For a more comprehensive security review of your site, please contact us.
To make things easy, you can always subscribe to Hedge IT so new articles automatically appear in your inbox!