In a recent webinar, members from the Eze Castle team talked about the security layers that are essential to cloud security for all investment firms. Topics for discussion include:
- How to approach a security-first strategy to cloud systems
- Defining the essential security layers from the outside in
- Must-have security safeguards, from multi-factor authentication to employee training techniques
To start, we typically find three points in time when it makes the most sense for an existing firm to evaluate a move to the cloud: during an office relocation, when adding new applications, and during an IT refresh.
Office relocation: This is an ideal time to evaluate your IT environment to determine if a refresh is around the corner. Often it doesn’t make sense to invest in moving a Comm. room that will require a refresh in the near term. We have found that migrating to a cloud environment prior to a relocation can be ideal because it makes the move very low risk and simplifies the process.
New applications: The cloud, of course, is great for applications because it gives firms flexibility to add on as their businesses grow.
Technology refresh: Hardware will typically run a lifecycle of 3 or 4 years before it needs to be refreshed. If you’re getting to that point where your servers and other hardware are getting stale, and if you’re going to be investing in new technology and upgrades anyway, it’s the perfect time to evaluate a cloud solution.
As we wrap up 2018 and start looking forward to 2019, we thought it would be helpful to share some of our favorite cybersecurity articles from this year!
You may also want to check out the launch of our online Cybersecurity Information Center, three new whitepapers and a series of educational webinars.
Now is the perfect time for firms to reflect on what’s often classed as a key contributing factor to cyber breaches: their employees. We hate to admit it, but human error tends to be the weakest link in any defense practices firms have in place. The IBM X-Force Threat Intelligence Index 2017 advises that simply having the right technology is not enough to ensure protection from threats that have grown in frequency and sophistication of late. British Airways, a reputable airline, is one of many businesses to fall victim to a reputation-damaging data breach in 2018, one that compromised the personal and financial details of approximately 380,000 customers.
From a personal perspective, there are a variety of reasons that individuals update applications on their personal devices, like a mobile phone or an iPad. For example, with social media applications, new features, faster load times, and bug fixes may be a draw. But from a business perspective, it is imperative to keep applications up to date on your devices. Continue reading to learn some of the benefits of keeping applications up to date, why it's crucial from a security perspective, and some of the potential risks of legacy applications.
Similar to your personal devices, updating applications is crucial for optimal performance. Faster load times will allow you to access files and perform business functions with more efficiency. In addition to potential faster load times, outdated applications can crash often and require attention from your IT department. This uses valuable company resources that could be dedicated somewhere else.
Oftentimes applications have bugs that can impact usage and performance. Perhaps the application quits unexpectedly, or there are graphical inconsistencies in the application. Software updates will fix any bugs in the application, which again, improves performance and increases efficiency.
Perhaps one of the most valuable benefits of updating your applications from an end-user perspective is the new features that often accompany updates. New features can enhance the app and can potentially streamline your work, or even perform a function that you weren't able to before, bringing added value to the workplace.
Today, security threats are ever present and constantly evolving, keeping firms on their toes and cybersecurity in the headlines. Financial institutions need to ensure that their network and systems are running smoothly and their data is safe and sound. At Eze Castle Integration, we believe in employing a layered approach to cybersecurity, meaning, having layers of technology in addition to policies and procedures in place to ensure security. Some of our top tips for bulletproofing your firm's network include:
On a basic level, firms should utilize anti-virus software and network firewalls, which will reduce traffic to the firm's network. Ensure that anti-virus software and all programs are up to date so that hackers and malware aren't able to sneak into the system. Additionally, making sure that all Microsoft patches are deployed in a timely manner is a security best practice, and there can be serious implications on your firm's security if you are not patching properly.
Active Threat Protection
With Eze Active Threat Protection, or Eze ATP, firms can take a fully managed approach to secure their network. Eze ATP has a three-step approach to threat protection:
Investment risk plays an important role in the life of the fund manager, but technology risk should not. When it comes to your firm’s technology systems and operations, you want things to run efficiently, not add more stress to your already crowded plate.
Mitigating technology risk is a critical step to ensuring your firm operates smoothly and successfully. Following are a few areas to keep in mind as you evaluate your firm’s technology risk:
Layers of Redundancy
One way to reduce your firm’s technology risk is to add layers of redundancy throughout your infrastructure. Whether you’re utilizing a cloud infrastructure or an on-premise environment, your servers, networking and telecomm lines should feature N+1 availability, a configuration in which multiple components have at least one independent backup component to ensure system functionality continues in the event of a failure.
If you are launching a new firm or enhancing the operational efficiency of an existing firm, choosing an external provider to outsource your IT needs is an important decision that should be made only after careful consideration and evaluation. To help with the evaluation process, here are our top considerations to keep in mind when evaluating IT providers and deciding which best suits the needs of your firm.
Choosing an IT provider is no easy task, and we strongly urge you and your firm to take a proactive approach and do an in-depth evaluation. Asking questions and interviewing multiple providers will allow you and your firm to find the best fit for your IT needs.
In today's workplace, approximately 77% of American adults own a smartphone, and almost 25% are using wearable technologies like fitness trackers and smart watches. With these devices now commonplace in today's enterprise information technology space, it is crucial to address the risks associated with these devices and take action to mitigate these threats. IoT technology has become an ideal target for cyber criminals intent on hacking into company servers, and IoT devices are not equipped to repel modern hackers. This said, it is crucial to be aware of the threat environment and implement data security measures to make up for the inherent vulnerabilities.
Grappling with IoT Hazards
Two common types of IoT attacks include:
- Distributed denial of service strikes
- Eavesdropping operations
With distributed denial of service (DDoS) attacks, connected devices are turned against the businesses and individuals using them. Hackers will insert malware into company servers responsible for controlling enterprise IoT fixtures and then attack connected assets. These attacks increased by 91% in 2017, due in part to the increase in IoT in the workplace.
IoT technology can become more of a hazard than an asset when organizations don't take the proper steps to ensure security. To learn more about IoT security, click here to read our whitepaper "Addressing IoT Security in the Age of Enterprise Mobility".
Given today’s economic market, with continuous fluctuation and new regulations, many firms are making the decision to move their offices or expand further internationally, and it is important to understand the restrictions and regulations. Overseas expansion requires a number of strategic considerations. Today, let’s examine some key business and technology factors.
Let’s start out with some key first steps.
One of the most important steps a firm must take in beginning the international expansion process is to understand the local government requirements for establishing a new business in the selected region. These local regulations will impact launch time and all additional aspects of business.
You can learn about "What U.S. Based Firms Need to Know about the EU's GDPR" in our whitepaper.
Flu season is currently in swing, and hopefully your firm has taken precautions to protect employees from illness and has a Business Continuity Plan in place to ensure operations run smoothly in the event of an outbreak. In addition to being prepared for flu season, it is crucial that your firm be prepared for other types of viruses: those that infect your IT infrastructure! With cyber-attacks on the rise and becoming increasingly sophisticated, firms need to take extra precautions to protect themselves against viruses and malware that can potentially harm their firm.
A virus is a program that can infect a computer system and replicate itself, allowing it to spread from one PC to another over a network. Typically, a virus will replicate itself by attaching to an executable file that is part of a legitimate application. When the user attempts to launch that program, this activates the virus, which enables it to corrupt or alter files on that computer and spread to other applications on the network. Viruses can also be spread via removable media, including USB drives, DVDs, and CDs.
Viruses and Malware to be Aware of:
Trojan: A Trojan horse is a malicious program that disguises itself as a legitimate application. The user initiates the program, believing it to be performing a desirable function, but it instead allows the invader to gain unauthorized access to the user’s PC and the information that is stored there.
Black Hat vs White Hat & every shade in between. The term hacker carries a negative connotation because a majority of the time we only hear about the “bad” hackers. Hackers tend to attack more often than they should. Keep your guard up and be on the lookout for hackers' exploits, from social engineering to poor patch management, to protect your firm.
Black Hat Hacker's Tricks
Black Hat hackers exploit individuals for money, information, and much more, all for personal gain. White Hat Hackers, however, are the good guys. White Hat hackers help you to identify security gaps that Black Hats may penetrate.
So, let's look at the favorite technique that Black Hat Hackers use -- first up is social engineering.
Social engineering (e.g. phishing, baiting, pretexting, etc.) relies on the exploitation of human behaviors to breach an organization’s information security system. Hackers prey on propensities of human nature, including:
Trust: Some people are trusting to a fault; therefore, they do not question the intentions/identity of another person until proven to be false.
Ignorance: Disregard for the consequences of carelessness with sensitive business information.
Laziness: Willingness to cut corners, such as not filing away confidential paperwork and leaving it exposed for others to see.
Kindness: Employees want to feel that others can leverage them for their assistance and information because we’ve trained them to do so. However, this can lead to divulging too much information to the wrong person.