In a recent webinar, members from the Eze Castle team talked about the security layers that are essential to cloud security for all investment firms. Topics for discussion include:
How to approach a security-first strategy to cloud systems
Defining the essential security layers from the outside in
Must-have security safeguards, from multi-factor authentication to employee training techniques
To start, we typically find three points in time when it makes the most sense for an existing firm to evaluate a move to the cloud. This includes during an office relocation, adding new applications, and an IT refresh.
Office relocation: This is an ideal time to evaluate your IT environment to determine if a refresh is around the corner. Often it doesn’t make sense to invest in moving a Comm. room that will require a refresh in the near term. We have found that migrating to a cloud environment prior to a relocation can be ideal because it makes the move very low risk and simplifies the process.
New applications: The cloud, of course, is great for applications because it gives firms flexibility to add on as their businesses grow.
Technology refresh: Hardware will typically run a lifecycle of 3 or 4 years before it needs to be refreshed. If you’re getting to that point where your servers and other hardware are getting stale, and if you’re going to be investing in new technology and upgrades anyway, it’s the perfect time to evaluate a cloud solution.
Cybersecurity experts are universally quoted as saying “not if but when” with respect to cyber security attacks and breaches. A 2018 Data Threat Report¹ found that 73% of US global enterprises have been breached and the rate continues to increase. Additionally, another study found that hacker attacks of computers with Internet access occur every 39 seconds on average².
These statistics reinforce the reality that every firm is a target and every target has a potential weakness. That is why preparedness and response on top of security layers are so important.
Let’s walk through a potential cyber incident to demonstrate how a well-crafted security strategy works in the face of an attack.
A user’s password credentials are compromised, allowing an attacker to access a legacy remote access application without multi-factor authentication enabled. The compromised account is a basic user who does not have advanced, executive or privileged credentials.
The Incident Response:
The organization is alerted to the credential compromise based on suspicious activity, which is immediately reported to the IT department, who disables the user’s account and all computing sessions associated with the user account. It is also escalated to the organization’s Computer Security Response Team.
The Computer Security Response Team immediately jumps into action, taking the following remediation steps.
With the new year now upon us, what better time to create your 2019 resolutions for your firm's IT strategy! As we know, the threat landscape is constantly evolving, cloud computing has gained momentum and is now widely accepted in the investment management industry, and new technologies and trends are emerging to support firms with their IT and operational needs.
Continue reading for Eze Castle Integration's recommendations for IT resolutions for 2019:
1.) Create a Cybersecurity Incident Response Plan
As the experts in the industry say, it's not if, but when, a cybersecurity incident will occur. According to a recent report by TechCrunch, cyber attacks are set to spike again in 2019, meaning firms need to continue to stay on top of cybersecurity best practices, utilizing layers of security to protect sensitive data and, of course, having a Cybersecurity Incident Response Plan. This includes creating an Incident Response Team consisting of members throughout different departments in the organization, and mapping out the steps to take before, during and after a security incident.
Building on this, developing a Written Information Security Plan, or a WISP, is critical to securing your information, and is also required if your firm is registered with the SEC. Having documentation of your firm's plan and systems in place to protect personal information and sensitive company information can help mitigate threats and risks and protect the integrity, confidentiality, and availability of your firm's data.
3.) Create a comprehensive employee security training program
If you don't have an employee training program, it is critical that you create one in 2019. If you already have an existing employee training program, you must periodically audit this program, ensuring it is both effective and current. Having a managed phishing and training program is an effective way to train employees on how to spot and report phishing and social engineering attempts. These simulated phishing attacks against your employees provide real-time and interactive training.
As we wrap up 2018 and start looking forward to 2019, we thought it would be helpful to share some of our favorite cybersecurity articles from this year!
You may also want to check out the launch of our online Cybersecurity Information Center, three new whitepapers and a series of educational webinars.
Now is the perfect time for firms to reflect on what’s often classed as a key contributing factor to cyber breaches – their employees. We hate to admit it, but human error tends to be the weakest link of any defense practices firms have in place. The IBM X-Force Threat Intelligence Index 2017 advises that simply having the right technology is not enough to ensure protection from threats we’ve seen grow in frequency and sophistication of late. Reputable airline British Airways is one of many businesses to fall victim to a reputation-damaging data breach in 2018, compromising the personal and financial details of approximately 380,000 customers.
This article first appeared on Hedgeweek as part of Eze Castle Integration's Technology Resource Center.
A string of high-profile ransomware attacks in recent years, led by the WannaCry attack in May 2017, has led to a growing awareness among the business community on the importance of proper patch management.
Just as your iPhone regularly alerts you to a new system upgrade, so computer networks must update their software to address vulnerabilities which, left unattended, could lead to a serious cyber breach.
The importance of patch management was highlighted in a recent webinar featuring Scott Reardon, Director of Global Technical Services at Eze Castle Integration.
Beyond simply complying with expectations, patch management is an essential line of defence in cybersecurity protection. As Microsoft’s President, Brad Smith, once noted, as cyber criminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.
Otherwise, they are literally fighting the problems of the present with tools of the past.
“Patch management is really applying new or changing existing code to a software program,” said Reardon. “It stems from enhancements to bug fixes and in today's world it's more popularly associated with security fixes. It is definitely a lot more complex than when I started out in the IT industry.”
Despite the recent strides by the financial industry towards improving cybersecurity policies and safeguards, studies reveal that a less-heralded group is responsible for the majority of successful cyber-attacks. Flying under the radar and opening the malware floodgates with one click of a spoof email are employees ill-informed of cyber threats and potential risks.
Unbeknownst to the employee, upon release of their mouse they have guided hacktivists into their company’s network, exposing business critical information, financial records, and passwords. But that’s just the beginning. The quantity and severity of subsequent damages are limitless, but so are the opportunities for improvement in the firm’s case.
As many of us are preparing to feast this Thanksgiving and getting ready for the unofficial start to holiday shopping, retail stores are getting ready for their biggest days yet: Black Friday and Cyber Monday. While many are searching the internet high and low for the best deals, cyber criminals and hackers are searching high and low for their next victims. Black Friday and Cyber Monday are the perfect time for these cyber criminals to take advantage of those who aren't aware of the risks.
Here are some additional quick tips for cyber safety during the holiday shopping season:
Do not click on a link unless it is from a trusted source
Make sure the destination URL is where you were intending to go
Make sure your phone and other devices are password protected
Use unique passwords for every online account
Do not enter personal information over public Wi-Fi networks
Use a credit card instead of a debit card when making purchases
Check the 'To', 'From' and 'CC' fields of an email
For investment management firms, collaboration, efficiency, and cutting-edge technology are all critical factors when it comes to growth. At Eze Castle Integration, we partner with Microsoft to offer our clients the option to utilize OneDrive and SharePoint, two tools that can dramatically improve collaboration and streamline processes for businesses, increasing efficiency for everyone. With more people working remotely and traveling for business than ever before, mobility, security and ease of use for applications are more relevant than ever.
Before we outline the five ways SharePoint and OneDrive can transform your business operations and enhance collaboration for investment firms, let's outline the functionality of these applications. It is also key to note that in this blog, we're referring to OneDrive for Business and SharePoint Online, which are business tools and products of Office365 for Business. There are similar tools you can utilize on your personal accounts, however today we're talking about how they can specifically impact your investment firm and day-to-day business.
OneDrive: Our partners at Microsoft simply define OneDrive as "the Microsoft cloud service that connects you to all your files". Simply put, OneDrive for Business is a storage location or repository for files and documents. You are able to access this tool through Office365, anywhere at any time, regardless of whether you're connected to your firm's VPN.
SharePoint: Like OneDrive, you're also able to access SharePoint through Office365 anywhere and anytime. It's a tool that helps firms share and collaborate on documents and files from anywhere in a secure manner.
Now, let's dive into the 5 ways OneDrive and SharePoint Improve Collaboration for Investment Firms:
As previously mentioned, one of the best features of these tools is the ability to access your files anywhere. Today more than ever, due to technological advances like these, employees are able to work remotely with little to no change in the processes. These tools allow you to securely store your files no matter where you are and whether you’re connected to your business’s VPN, share them with your team members or partners, and access them from any of your devices. If you aren’t connected to your firm’s network, you can access and work on documents in OneDrive, and when you return to the network, the files will automatically sync with your network, ensuring a seamless transition from working at home or from a plane to being back in the office.
Having a strong technology infrastructure in place is the backbone of any successful business. It helps firms to ensure uptime, unlock maximum operating efficiency and be risk-averse. A ‘strong’ infrastructure model is futureproof. It’s capable of responding quickly and effectively to any new opportunities and threats in the ever-evolving landscape that businesses operate in. Firms today are encouraged to evaluate their existing IT, and to think about shifting from a traditional, sluggish and inflexible structure to a more fluid model.
Keep reading for three key considerations to help your business achieve a futureproof stance.