Eze Castle Integration Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Trends We're Seeing RSS

Outsourcing: Finding Common Ground in the C-Suite

By Lauren Zdanis,
Tuesday, May 23rd, 2017

Following is an excerpt from our whitepaper, Outsourcing Point-Counterpoint: Examining C-Level Perspectives at Hedge Funds and Private Equity Firms. If you want, click here to jump ahead and download the paper in full.

Outsourcing IT can be controversial across the C-suite. Your firm's CFO may see the move as financially responsible and a long-term strategic solution. Your CTO may have concerns about retaining control of the IT environment. Both sides have unique perspectives.

Just because CFOs/COOs and CTOs have different views into IT operations, outsourcing and the cloud, doesn’t mean there is no common ground. After all, both leaders ultimately want what’s best for investors and the firm. When you dig a little deeper, there are far more areas where CFOs/COOs and CTOs agree than where they differ when it comes to outsourcing IT. For example:

Risk reduction

The outdated due diligence argument against going to the cloud has been turned on its head in the current regulatory environment. CTOs may feel they’re doing the appropriate due diligence to manage all the risks themselves. However, assessing your own risk is incredibly challenging. To thoroughly evaluate risk as well as address investors’ five, 10 or even 20-page due diligence questionnaires about technology, partners, vendors, cybersecurity and operations, CTOs need to devote enormous amounts of time – repeatedly. Risk assessments are not one-and-done tasks. Vulnerabilities, particularly cybersecurity weaknesses, should be assessed in depth every six months, and remediation of identified issues must be addressed.

Categorized under: Outsourcing  Cloud Computing  Security  Hedge Fund Operations  Trends We're Seeing 



Guards Up, Phones Down: Avoiding Voice Phishing Scams and Social Engineering Tricks

By Kaleigh Alessandro,
Thursday, May 18th, 2017

Social engineering tools and tactics have transformed in recent years, and we often stress here on Hedge IT the importance of IT security, particularly when it comes to sophisticated phishing and spear-phishing campaigns via email.

One tactic we haven’t touched on is voice phishing (also known as ‘vishing’), which works towards the same ultimate goal – prompting an end user to take some kind of action that causes an exploit in the user’s system or a fraudulent wire transfer – except this time it’s done over the phone. 

Voice phishing scams are growing in popularity, often catching busy users at the end of their work day with their cyber defenses down, hoping they’ll ignore the best practices they’ve learned and instead provide sensitive information to the person on the other end of the phone.

Here are a few recent examples of voice phishing scams we’ve seen: 

  • IRS Robocalls. At the end of tax season earlier this year, many people found themselves fielding threatening calls from scammers posing as Internal Revenue Service employees insisting they’re owed money. Unfortunately, these robocall scams worked. According to the Treasury Inspector General for Tax Administration, more than 10,000 victims have paid a collective $55 million since October 2013. TIP: The IRS almost never contacts taxpayers via phone (or text, email or social media). If they want to get in touch, they’ll send you a letter. 

  • Department of Motor Vehicles. Of a similar nature, vishing schemes have popped up across the US with victims receiving phone calls from supposed DMV employees requesting payments, social security numbers and debit card information. Texting and social media have also become popular avenues for these scams. 

Categorized under: Security  Trends We're Seeing 



WannaCry Ransomware: What we know, Where we are

By Mary Beth Hamilton,
Tuesday, May 16th, 2017

The WannaCry ransomware attack is slowing as IT teams across the globe work to deploy patches, disable SMBv1 and recover files, but we are still very much in the midst of the situation. Here’s a look at what we know and what we can do in an effort to prevent future attacks.

What is the WannaCry Ransomware?

On May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) ransomware began spreading globally, affecting a large number of organizations. WannaCry encrypts data files and asks users to pay a ransom in bitcoins. The ransom note indicates that the payment amount will be doubled after three days. If payment is not made after seven days, the encrypted files will be deleted.

We have learned that the bitcoin accounts have been abandoned, and there never was an automated decryption process, so victims should not pay the ransom. Recovery from backups are the best course of action.

How Did WannaCry Spread?

WannaCry has the ability to spread itself within corporate networks, without user interaction, by exploiting a known vulnerability in Microsoft Windows. Computers that do not have the latest Windows security updates applied are at risk of infection.

According to Microsoft, “A month prior, on March 14, Microsoft had released a security update to patch this vulnerability and protect our customers. While this protected newer Windows systems and computers that had enabled Windows Update to apply this latest update, many computers remained unpatched globally. As a result, hospitals, businesses, governments, and computers at homes were affected.”

How is WannaCry Stopped?

Applying the most recent Microsoft patches to environments will help protect computers from WannaCry infections. Another immediate remediation plan is to disable the specific system protocol known as SMBv1 to mitigate the risk of infection in relation to WannaCry.

Lessons Learned from WannaCry?

Experts warn the WannaCry may not be over just yet so we’ll tread lightly on ‘lessons’ learned but there are a few we can share:

Categorized under: Security  Trends We're Seeing 



Debunking Common Myths About Voice over IP (VoIP)

By Mary Beth Hamilton,
Thursday, May 11th, 2017

Voice over IP has come a long way, especially in the business world, but many financial services firms still have hesitations about making the switch. To assist hedge funds and private equity firms in making a decision about voice solutions, we're debunking some common myths.

MYTH 1: Poor Call Quality – Everyone Will Know I’m on VoIP

A main concern of VoIP is call quality, which can be impacted by a number of features including the network, available bandwidth and even the type of phones being used. However, a well-designed business-caliber VoIP system can deliver quality of service comparable to an in-house phone system. In business settings, where calls are made over private IP connections, Quality of Service (QoS) can be monitored and guaranteed because the entire IP connection is controlled by the party making the call.

When evaluating VoIP for financial firms, it is important to inquire about the underlying network and how voice traffic is prioritized and routed. You want a provider that has full control over network traffic and can ensure high quality of service. For added confidence, ask to speak with existing VoIP customers (over the phone!) to hear about their experiences first-hand.

Categorized under: Communications  Cloud Computing  Trends We're Seeing  Videos And Infographics 



Examining the Role of Research Management & Portfolio Management Systems in 2017

By Jaime Bean, Ledgex Systems,
Tuesday, May 9th, 2017

Regulatory expectations and financial markets continue to evolve. Ensuing from these shifting landscapes are heightened pressures on the shoulders of investment firms to deliver greater transparency, manage complex relationships, improve the overall due diligence process and utilize mass data in a more interactive and intelligent way.

In this article, let's explore some common questions around how Research Management Software (RMS) and Portfolio Management Systems (PM) work together.

What are the key benefits of utilizing a Portfolio Management (PM) solution?

It likely goes without saying, but portfolio management systems are core to the investment operations of an investment firm. In the age when transparency is the rule, these systems allow managers to fully understand and manage portfolios and share that transparency with investors or other interested parties. The features of these systems continue to evolve.

For example, a Portfolio Management solution that incorporates models (i.e. Yale model) for cash forecasting enables users to easily forecast future asset values and cash flows of illiquid alternative assets, such as private equity investments. This forward planning capability enables planning for future cash requirements and enables firms to avoid a crisis of liquidity. 

Categorized under: Software  Trends We're Seeing 



This Week in Cybersecurity: Phishing & Ransomware Take Center Stage

By Katelyn Orrok,
Thursday, May 4th, 2017

What can hedge funds and private equity firms learn from the Google Phishing Attack?

Employees can either be your firm’s biggest strength or biggest threat when it comes to phishing. It is critical that your employees receive regular information security awareness training to better understand the types of security threats with the potential to hit their inbox.

Beyond annual training, managed and simulated phishing exercises (like Eze Managed Phishing & Training) are reliable, cost-effective tools to train users to identify red flags in emails and avoid succumbing to malicious attacks.

What Netflix Reminded Us about Vendor Risk Management

The Netflix security breach highlights the critical importance of managing third-party vendors for firms and businesses who rely on outsourced providers to support their operations. A few key reminders on vendor due diligence and risk management:

  • Understand who your outsourced providers are, what functions they provide and what data/systems they have access to

  • Consider sending regular requests for proposals (RFPs) and DDQ documentation requests to any third parties you are evaluating or those you are already engaged with

  • Continuously evaluate and monitor to ensure all parties are achieving their end goals and meeting expectations

  • Conduct regular vulnerability assessments and/or penetration tests to have a clear understanding of your IT security weakness

Remember: It’s one thing to put faith in your service providers to do their jobs effectively. It’s another to ignore your own firm’s responsibility to manage that provider in an effort to protect your own firm.

Categorized under: Security  Trends We're Seeing 



Hedge Funds and Private Equity Firms: What's Your Security Attitude?

By Kaleigh Alessandro,
Tuesday, May 2nd, 2017

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure investment firm than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Operational Due Diligence  Outsourcing  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



Incident Response: A Step-By-Step Guide to Dealing with a Security Breach

By Kaleigh Alessandro,
Thursday, April 27th, 2017

If your firm hasn’t fallen prey to a security breach, you’re probably one of the lucky ones. But you also probably won't be safe for long, as most firms, at some point in time, will encounter a cybersecurity incident. Cyber incidents today come in many forms, but whether a system compromise at the hands of an attacker or an access control breach resulting from a phishing scam, firms must have documented incident response policies in place to handle the aftermath.Panic Button

With the threat of security incidents at all all-time high, we want to ensure our clients and partners have plans and policies in place to cope with any threats that may arise. While this list is in no way comprehensive in detailing the steps necessary to combat cyber-attacks (and many steps will vary based on the unique type), here's a quick step-by-step guide to follow in the event your firm is impacted by a cybersecurity breach.

1. Establish an Incident Response Team.

Choose a select group of individuals to comprise your Incident Response Team (IRT). Assign each member a predefined role and set of responsibilities, which may in some cases, take precedence over normal duties. The IRT can be comprised of a variety of departments including Information Technology, Compliance and Human Resources.

Notably, your Incident Response Team should include your Chief Information Security Officer (CISO), who will ultimately guide the firm's security policy direction.

Categorized under: Security  Trends We're Seeing 



Critical Differentiators in Operational Due Diligence for Investment Managers

By Lauren Zdanis,
Tuesday, April 25th, 2017

Competition for investments is fierce across the alternatives industry, so what makes a fund stand out and what role does operational due diligence play in winning institutional assets? During a recent webinar, we invited Boris Onefater, Founder and Managing Partner at Constellation Advisers, to examine how alternative investment firms can leverage the ODD process to stand out from their peers. Below are a few key questions and answers from the conversation (paraphrased, of course). You can also watch the full webinar at the bottom of this article or by clicking here.

How has due diligence evolved over the years?

Due diligence has evolved significantly over the last 20-25 years. Prior to 1992, most of the focus was on investment due diligence. Starting around 2005, due diligence began to evolve on a fundamental level and verification and validation of service providers became a normal and accepted practice. Post-2008, the ODD pendulum really started to swing, particularly as firms began to rely more heavily on third parties.

Categorized under: Operational Due Diligence  Outsourcing  Hedge Fund Insiders  Trends We're Seeing 



Hedge Fund Cloud Summit Five Years Later: What's Changed?

By Kaleigh Alessandro,
Thursday, April 20th, 2017

I love a good Throwback Thursday, and for today's post, I want to throw it back to five years ago this month. It was April 2012, and we were hosting one of our biggest and most ambitious events: a Hedge Fund Cloud Summit. At the time, cloud computing was widely discussed and adoption was certainly growing, but there were still a number of lingering questions heard across the industry with regards to financial and business impacts of the cloud, effects on in-house IT staffs and, of course, security. 

We still answer many questions related to these topics today, so I thought it might be fun to take a look back at the four panel topics we addressed back in the 2012 event and examine how much the conversation has really changed - or in some cases, how perhaps it's stayed the same. 

Making the Business (and Financial) Case for the Cloud

For hedge fund COOs and CFOs, the business impact of a move to the cloud is still a critical consideration for established firms. But many of the myths and common questions that were prevalent back in 2012 are now pretty easy to explain. How do investors feel about the cloud? In 2017, investors are generally comfortable with the cloud if not in favor of it over legacy, on-premise IT infrastructure setups. Is the cloud really more cost-effective? This question was a long-standing 'myth' that's been debunked; for some firms, yes, costs may be lower depending on their previous infrastructure and personnel situation, but for all, the predictability of cost is what has become a primary driver for cloud adopters. 

Categorized under: Cloud Computing  Security  Operational Due Diligence  Outsourcing  Launching A Hedge Fund  Private Equity  Hedge Fund Operations  Infrastructure  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts