Eze Castle Integration Eze Castle Integration

Eze Castle Blog

> Subscribe to Blog Entries about Business Continuity Planning RSS

2019 New Year's IT Resolutions for Investment Management Firms

By Olivia Munro,
Thursday, January 3rd, 2019


With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.

Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:

1.) Create a Cybersecurity Incident Response Plan

As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data, of course, have a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.

2.) Develop a Written Information Security Plan

Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, but also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risk against and protect the integrity, confidentiality, and availability of your firm's data.
 

3.) Create a comprehensive employee security training program

If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training. 

Categorized under: Cloud Computing  Security  Outsourcing  Private Equity  Disaster Recovery  Hedge Fund Operations  Help Desk  Infrastructure  Communications  Business Continuity Planning  Trends We're Seeing 



Outsourcing in the Alternative Investment Management Industry: Navigating Cyber, Legal and Operational Risks + Webinar Replay

By Amisha Shah,
Thursday, October 25th, 2018

Investment firms are increasingly drawn to outsourcing to manage complex technology and operational requirements. And, of course, with this evolution comes a range of considerations. In a recent webinar, Eze Castle Integration’s Executive Director, Dean Hill, and, Lawrence Brown, Information, Communications and Technology Partner at law firm Simmons & Simmons, explored the cyber, legal and operational risks for firms looking to outsource.

Watch the full webinar replay here

Categorized under: Outsourcing  Cloud Computing  Security  Operational Due Diligence  Disaster Recovery  Infrastructure  Business Continuity Planning  Trends We're Seeing 



Exploring the Cost of Unexpected Downtime

By Olivia Munro,
Thursday, October 18th, 2018

When it comes to protecting your business, you can never be too prepared. In the competitive investment management world, downtime for any reason is not an option. Whether it be a natural disaster, inclement weather, or even a flu epidemic sweeping the office, your firm needs to have both Disaster Recovery and Business Continuity Plans to ensure that your firm doesn't undergo the costly financial and reputational losses in the case of downtime.

Firstly, it’s important to understand difference between Disaster Recovery and Business Continuity Plans.

Disaster Recovery refers to the policies and procedures to enable the recovery of key technology systems after the event of a disaster. A robust DR program ensures that data centers are highly redundant, have multiple entry fiber paths and multiple power grids, undergoes annual testing, and comes with around the clock support, as outages can easily occur outside of business hours.

Business Continuity refers to a document that outlines how your firm will respond when confronted with unexpected business disruptions. A cohesive Business Continuity Plan has proven methodology to ensure your firm is prepared for the unexpected, includes a detailed risk assessment and business impact analysis, has strategies and plan development, includes testing and training, and is continuously evaluated and maintained. Our new eBook outlines the seven steps to create a BCP, download your copy here.

Categorized under: Cloud Computing  Security  Operational Due Diligence  Outsourcing  Disaster Recovery  Hedge Fund Operations  Business Continuity Planning  Trends We're Seeing 



Employee Termination Checklist for IT: An Investment Firm’s Starting Place

By Mary Beth Hamilton,
Thursday, October 11th, 2018

Whether it is an intern heading back to school or a full-time employee moving on, an investment firm must have a detailed employee termination checklist for information technology (IT) that is diligently followed.

But what are the key items that must be on your employee termination checklist?

Here’s An Employee Termination Checklist Foundation:

  • Contact IT Department or IT Provider to terminate or change network or application logins 

  • Ensure subscriptions are either cancelled or changed

  • Collect employee equipment such as laptops, monitors, mobile devices, etc.

  • Ensure employee has documented transition procedures

  • Reset user password and disabled account

Categorized under: Security  Launching A Hedge Fund  Hedge Fund Operations  Business Continuity Planning 



7 Steps to Create a Business Continuity Plan

By Amanda Daly,
Tuesday, October 9th, 2018

When confronted with unexpected business disruptions, alternative investment firms must react swiftly, methodically and successfully or else risk significant financial loss. This level of response requires extensive business continuity planning to ensure all aspects of a firm’s business are evaluated and protected. In this blog, we will help you create a Business Continuity Plan and help you identify which threats pose a risk to your firm. 
7 Steps eBook
 

Categorized under: Security  Operational Due Diligence  Disaster Recovery  Business Continuity Planning 



7 Questions to Help You Evaluate Your Firm's IT Vulnerabilities

By Olivia Munro,
Thursday, September 20th, 2018

With Cybersecurity Awareness Month steadily approaching in October, there's no time like the present to evaluate your firm's IT vulnerabilities and make sure that your firm is taking steps to mitigate these threats. When looking for vulnerabilities in your organization's IT, there are questions you can ask yourself to help pinpoint the vulnerabilities and remediate the findings.

1.) Does my firm know what assets, both hardware and software, are in inventory?

The first step to considering your vulnerabilities is to create a complete inventory of technology assets. How can you know what your vulnerabilities are if you don't know what systems and data you need to protect? Keeping a list of workstations, servers, applications and smartphone devices in one central location is crucial. As your firm grows in assets, products and headcount, are you continuing to re-evaluate your IT inventory? You'll want to have a running list of technology assets as the firm evolves and grows.

2.) Are we patching effectively and appropriately?

Your firm should be patching quickly and appropriately, as poor patch management can leave your firm exposed to potential threats. Zero-day threats take advantage of software vulnerabilities before patches and updates are available to the public. The best way to protect yourself against this is installing updates as soon as they become available. Having a patch management process in place allows firms to roll out these updates when necessary.

Categorized under: Security  Operational Due Diligence  Business Continuity Planning 



Operational Due Diligence: Common DDQ Questions Investors Are Asking

By Eze Castle Integration,
Thursday, September 6th, 2018

Operational due diligence has become a hot topic that continues to gain importance and attention throughout the alternative investment industry. Over the past few years, as regulations have changed and investors increasingly seek transparency, funds are spending more time than ever preparing for the due diligence process.

It is no surprise that the investment industry landscape is becoming more and more competitive. As this trend continues, investors are raising their expectations and looking towards funds that display the highest levels in operational excellence. One important way to ensure your firm meets these high standards is to complete a due diligence questionnaire (DDQ) that can be shared with potential investors.

A comprehensive DDQ covers a wide range of topics, from assets under management to audited financial statements and investment strategies. One major area of focus is the fund’s IT and accompanying cybersecurity policies and procedures.At Eze Castle, we frequently assist our clients in completing DDQ questions on technology, and we often see the same types of questions popping up. So, to help you get started, we have compiled the following list of some frequently asked DDQ questions.

Categorized under: Operational Due Diligence  Disaster Recovery  Hedge Fund Operations  Business Continuity Planning 



How Is Your Firm Mitigating Technology Risk?

By Eze Castle Integration,
Tuesday, September 4th, 2018

Investment risk plays an important role in the life of a hedge fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
 
Mitigating technology risk is a critical step to ensuring your hedge fund operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:

Layers of Redundancy

One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure. 

Categorized under: Outsourcing  Cloud Computing  Security  Disaster Recovery  Hedge Fund Operations  Infrastructure  Business Continuity Planning  Trends We're Seeing 



Disaster Recovery Testing: Frequently Asked Questions

By Eze Castle Integration,
Tuesday, August 28th, 2018

An often overlooked, but critical component of disaster recovery (DR) solutions is testing. 

If regular testing is a critical component of an effective DR solution, why do many firms fail to do so? The most common reasons include:

  • a lack of time to commit to DR testing;

  • a lack of understanding as to how to go about testing their solutions;

  • and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.

Categorized under: Disaster Recovery  Security  Business Continuity Planning 



Making the Most of Your IT Budget

By Amisha Shah,
Tuesday, August 7th, 2018

Worldwide IT spend is predicted to reach $3.7 trillion in 2018, a steady 4.5 percent up from 2017, as forecasted by Gartner. With spend on IT increasing each year, it’s evident that businesses worldwide acknowledge the importance of having a robust IT infrastructure in place to deliver seamless business operations. But, this also means that firms today are challenged with the task to establish mature and structured budgeting practices to optimise IT spend and strategy, each year.

Coming up with, and effectively using an IT budget to support the needs of a growing firm takes a tactical approach, making allocations in line with strategic aims. This blog article explores some key considerations to help you make the most out of your IT budget.

Categorized under: Cloud Computing  Outsourcing  Infrastructure  Business Continuity Planning 



View earlier posts in the archive

Recent Posts / All Posts