Blog Entries from 04/2019
Once you’ve decided to adopt cloud computing, it’s time to begin your search for a cloud services provider.
Likely, the first thing you will come across when looking for a cloud service provider is that there are many cloud service providers (CSPs) out there. So, how do you know which provider is the right one for your investment firm? Following are five attributes to look for when vetting a cloud consultant:
Depth and Quality of Staff
Strong Communication Skill
A Proven Strategy
Experience in Cloud Deployment
Deep Security Knowledge
For investment management firms to embrace a security-first approach, they must regularly audit and evaluate their cybersecurity risk profile and adjust as necessary based on the evolving security landscape and technological advances. Continue reading for six questions your firm should reflect on regarding its cybersecurity risk profile.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third party risk and oversight?
Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.
When evaluating technology providers, there are a number of factors to consider when determining which is the best fit for your firm. One important, and often overlooked, criterion is the quality of the Help Desk. Firms rely heavily on technology, but no technology is completely infallible. In the event of an unexpected issue, having a knowledgeable, experienced Help Desk at your fingertips is essential.
So, what makes an exceptional Help Desk?
In today's blog article, we will take a look at some critical considerations and provide guidelines for what to look for when selecting a Help Desk provider for your firm.
Though sometimes underestimated, developing and implementing a comprehensive employee training program creates an internal culture of security and ensures that all employees maintain a "security-first approach" to everything they do. This will make your employees an asset to your data security as opposed to a threat and bolster your firm's cybersecurity strategy.
To learn more about creating an internal culture of security, download our guidebook, Four Step Guide to Employee Security Awareness, Culture of Security.
Late last year, the Financial Conduct Authority (FCA) published a cross-sector survey. 296 firms across the wider UK financial services landscape, including asset managers, investment firms and banks, were surveyed to investigate how effective the resiliency practices surrounding their cybersecurity and technology are. There were some shocking findings; what stood out the most was that there was a 138% increase in technology outage incidents between 2017-2018. Results from the survey also indicated that nearly half of firms do not upgrade or retire old IT systems in time.
As an industry, whilst we’re getting better at building and maintaining a strong infrastructure with access to evolving tech and enhanced security processes, there is still pressure to do more to ensure your network is truly bulletproof. Earlier this month, experts from Eze Castle Integration and leading law firm, Simmons & Simmons, explored key areas of concern outlined by firms in this survey, sharing guidance on the cybersecurity, operational and third-party management aspects of building resiliency. Today’s blog article will round up key cyber and technology considerations covered at the event by Dean Hill, Executive Director at Eze Castle Integration.
The official definition given in TechTarget’s IT Dictionary reads: “Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access.”
Controlling access to ensure individuals only access the information they need is at the heart of authentication. With stories of password compromises becoming more common, it is important to understand the types of authentication factors available and good computing practices.
As part of Information Security Planning, firms should also identify applications, services or websites that require at least one level of authentication (e.g. password protection, PC certificate, or security tokens) as well as any that may require multi-factor authentication.
Here at Eze Castle Integration, we take great pride in listening to our clients and the market as a whole. We follow a security-first approach in delivering complete cloud solutions complemented by the support of our award-winning global helpdesk, which operates 24x7x365. Whether using the public cloud, private cloud or a hybrid cloud approach, Eze Castle Integration excels in providing best-in-class solutions that address a firm’s specific needs.
Across the dark web underworld, criminals are buying and selling stolen user credentials, including email addresses, usernames and passwords, to access high-value (i.e. executive and privileged user) accounts. Once in a system, criminals steal financial assets, uncover trade secrets and exploit other vulnerabilities. To stop this threat, firms must monitor the Dark Web and respond.
Enter Eze Dark Web Monitoring, a cost-efficient deterrent to account takeover (ATO) activities. Eze Dark Web Monitoring provides early detection, alerting clients when credentials are discovered and forcing users to reset passwords.
“Cybersecurity threats rank as some of the greatest risks facing the industry today with companies of all sizes under attack. At Eze Castle Integration, protecting clients is our mission. We follow a security first approach to IT and deliver fully managed security solutions, such as Eze Dark Web Monitoring, to fortify our client environments – whether they reside in a public cloud, private cloud or on-premise,” said Steve Schoener, Chief Technology Officer at Eze Castle Integration.
In the fast-paced, volatile world of financial services, constantly maintaining normal business operations is crucial – even in the event of an unexpected disaster. Even just a few moments of downtime could be extremely costly, so it is essential that firms implement sound business continuity procedures.
Since we frequently work with our clients on developing comprehensive business continuity plans (BCPs), we feel it is important to review and test our own BCP procedures on a regular basis to ensure they will meet our most current business needs in the event of a disaster. To this end, one of our certified business continuity professionals recently conducted a BCP table top exercise with our management team here at Eze Castle. After this successful meeting, we thought it would be valuable to share some insights on the BCP table top exercise process with our readers to spotlight the importance of this activity.
Finding the resources to meet that sizable effort can present a challenge. Large global organisations like top law firms will have strong, hard-working IT teams, but even then, running a 24/7 information security monitoring operation may present a significant burden. Instead, it may make more sense to partner with an outsourced specialist in threat management, highly trained to track emerging types of attack and their modus operandi, as well as the best ways to see them off.