Public Wi-Fi networks are incredibly convenient and can be a great resource for airport layovers, coffee shop meetings or lengthy train commutes, but alongside that convenience comes a host of unnecessary risks. On open, unsecured networks, information is generally unencrypted, meaning that with a wireless network analyzer, it’s fairly easy to see what others are up to. Attackers try to intercept the communication between your computer and the computer you are sending information to so that they can gather useful information. A hacker, for instance, can see what webpages you’ve visited and what credentials you’ve entered into forms.
Common attacks that occur on public Wi-Fi include:
Man-in-the-middle attacks (MITM)
Attackers will set up their own network between your computer and the computer you are connecting to so that all the information you enter is first routed through their device.
In 2016, 70 percent of private equity firms experienced no fewer than three cybersecurity issues. Not one or two. But three (or more). It’s one of the most jarring findings of our Private Equity CTO Survey, and it signifies just how imperative it is for financial services firms to implement sound and robust security measures to protect business assets, operations and reputations.
In the past 12 months, private equity firms indicated that they’ve experienced a wide range of cybersecurity issues, most notably malware, worms and viruses (1 in 3 firms), unauthorized access to corporate data (nearly 1 in 3 firms) and hijacking of social media accounts (nearly 1 in 3 firms). While the latter, in particular, may not seem like a concerning issue, it’s important to recognize that social media accounts are promising gateways for social engineering hackers. Information within these personal accounts can serve as the keys into corporate information systems – particularly if users are not diligent about maintaining unique passwords for various systems.
That nearly a third of firms have experienced unauthorized access to corporate data highlights a lack of control over an organization’s data and who has access to it. Without a detailed access control policy and ongoing monitoring in place, too often employees receive excessive data access privileges that introduce security risks.
In light of these experiences, our survey indicates firms will make significant changes to their IT budgets this year. When asked what percentage of their overall IT budget would be dedicated to cybersecurity in the next 12 months, respondents indicated a significant increase, as seen by the chart below. Only 7 percent of private equity firms will have cybersecurity budgets of less than 5 percent, down from 24 percent currently. Increases are also expected in the budget range of 10 to 25 percent.
Technology innovation and evolution have had a profound effect on many jobs, perhaps most notably that of a firm’s Chief Technology Officer. Once tasked with desktop support and server maintenance, these IT executives have seen their job descriptions change dramatically over the years. But that change doesn’t necessarily signal something negative.
Our Private Equity CTO Survey asked these technology experts directly how they spend their time and what they view as the new and evolving role of the private equity CTO. Their answers highlight a transformative shift from technology troubleshooter to strategic thinker.
With the advent of outsourcing and the cloud, many feared or expected the CTO role to diminish. So perhaps the most notable finding of our survey is that 93 percent of respondents believe their firm’s CTO or top IT executive is becoming more important to their business. The vast majority of private equity IT execs are becoming more focused on managing relationships with contractors, cloud and other IT service providers. This increased focus is in alignment with the trend of today’s progressive CTOs drawing on cloud technology to create agile firms that can quickly deliver the applications users require – and working hand-in-hand with outsourced providers to support the organization’s technology and operations objectives.
Most firms (85 percent) also see the CTO becoming more involved in driving the firm to meet regulatory and compliance demands. This is especially true as regulators outline data protection and cybersecurity expectations that can only be fully addressed through the use of technology. Additionally, regulators’ expectations around third-party due diligence have increased, placing more responsibility on CTOs to execute thorough risk assessments on the contractors, cloud, software and IT service providers used by the firm.
It’s time to take another close look at the results of our 2016 Private Equity CTO Survey, this time with a careful eye on how private equity firms are leveraging outsourcing and cloud services.
Private equity outsourcing is growing in popularity – and we discussed many of the reasons why at length in a September webinar which you can listen to here. Our survey findings tell us that the average private equity firm is outsourcing about 30 percent of IT, with, of course, some firms outsourcing less frequently and some outsourcing more.
On the whole, most firms are leveraging outsourced third-party providers for between 20 and 40 percent of their IT functions. Firms managing less than $100M in assets are the most likely to outsource greater portions of their IT services, likely given their lack of internal staff and resources.
Overall, firms’ propensity to manage technology via in-house resources, outsourced providers or contract work is expected to stay consistent in 2017, as evidenced by the graph below.
As you probably recall, our 2016 Private Equity CTO Survey – which we released at the end of November – highlights key IT priorities and investment areas driving private equity firms in 2017. And while we shared some high-level findings at the outset, we’d like to take the opportunity to dig a little deeper into some of the survey results over the next two weeks. Since the survey itself covered four primary areas, our next four Hedge IT articles will examine each of these areas independently and highlight some of the most interesting and thought-provoking findings.
To kick us off, let’s start by taking a look at some critical business priorities for private equity firms in 2017.
Drivers for Private Equity IT Investments
We all know and appreciate how technology can impact our day-to-day operations. For private equity firms, advances in technology have enabled their businesses to become more efficient and drive growth across the entire organization.
When asked to identify the top drivers impacting IT spend in the next 12 months, survey respondents highlighted the need for increased protection against growing cybersecurity threats, a desire to improve the investor/client experience, and the goal of improving efficiencies by refreshing outdated or legacy technology.
As we predicted in our recent article on 2017 technology trends for financial firms, cybersecurity and protection of personal information remain key priorities in the new year. Ensuring that information is secured is becoming infinitely harder as hackers find more ways to access, expose and compromise data. Up-and-coming security scams such as “popcorn time” and “typosquatting” are just some examples of new ways hackers are exposing data. With this in mind, we’ve identified three IT security must-dos you should employ in 2017 to protect yourself and your organization.
With a new year comes new threats for the financial industry. This year ransomware is predicted to be a primary threat for companies due to the prevalence of Internet of Things (IoT) devices. IoT devices are an easy target for scammers because they often do not have security measures in place to protect your information (think home security systems, Amazon Echo and baby monitors). Entry into your IoT device can easily provide a gateway for hackers to access your entire network. Because of this, it is important to always remember to change your passwords every 60-90 days, back up data and use safe browsing practices.
Here are some particular cybersecurity threats and scams to watch out for in 2017:
There is a new ransomware in development called Popcorn Time (unrelated to the Popcorn Time application) that puts users in a tough spot. Once infected, victims must either pay a ransom of 1 bitcoin (about $800) to get their files back or infect two other people by sending out a referral code. If two people that you send the referral code to pay the ransom, then you will get a free decryption key. The ransom deadline is one week for you or your victims to pay.
If you thought this scenario couldn’t get worse, think again. Once the user has obtained a decryption key, he/she only has three chances to enter it correctly before the ransomware will begin to delete files permanently. It appears the ransomware encrypts more than 500 file types located in “my documents”, “my pictures”, “my music” and the user’s desktop.
This ransomware seems to still be in the development stage, so things may continue to change, and at this point it’s unclear how far it will spread. The creators of this ransomware claim to be a group of students from Syria trying to raise money for Syrians that are affected by the war.
The best New Year resolutions are the ones you can stick with. So here are our three simple technology resolutions for 2017 which you can use in your personal and professional life.
Resolve to Change Your Passwords, Make them Unique
Passwords are the keys to your virtual kingdom so treat them as such. These days having a password is not enough. Users must have complex passwords that incorporate letters, numbers and symbols and that change often. Here are some other password tips:
Substitute numbers for letters and use phrases to remember and create unique passwords. For example, “I love Gmail” can become “!l0v@gm@!l” – something you’ll remember but is hard for someone to guess.
Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names.
Don’t use the same password for all your accounts – switch it up. For example, you can use the same word but change it up by capitalizing different letters or substituting numbers for letters.
Be sure to change your password often. We recommend changing a password every 30-90 days. Many of our clients already have automated procedures in place to enforce this policy.
Check Your Social Media Privacy Settings & Be Social Aware
The rise of social networking online has reduced privacy expectations across the globe. We must be more aware of the automaticity of our behaviors and tendency to trust sites while browsing the web. In this tug-of-war between security and connectivity, users can regain control of their personal information. Instead of dispensing reams of sensitive data, choose to keep what’s private, private. Adopting an alert awareness while interacting on social platforms and thinking twice before your next “like” could go a long way.
Happy New Year! Seeing how the calendar now reads January (we're still in denial, too) and there are a number of weather systems being monitored across the US, we thought it might be best to kick off the year here on Hedge IT with some helpful weather-related business continuity tips.
Here are eight to keep in mind as the next winter storm approaches.
1. Determine how/where your employees will work in the event of a winter weather scenario.
Some firms opt to identify a secondary work site, but in the event of a widespread or regional event, you may find that location is also inaccessible. You should also consider whether transportation is or will be impacted by the weather. If road conditions are bad or public transportation is shut down, employees will have to remain home.
If your firm supports remote access capabilities, ensure employees are prepared with the necessary infrastructure, workload expectations and communication tools.
2017 is quickly approaching and so is a plethora of new financial technology and operations articles here on Hedge IT. As we wrap up 2016, let’s take a look back and share some of our readers’ favorite articles from this past year.
Tips for launching a hedge fund are always popular on Hedge IT, and 2016 was no different. Earlier this year, Eze hosted a webinar featuring speakers Paul Schultz from Wells Fargo, Michael Mavrides from Proskauer Rose LLP, and Bob Guilbert from Eze Castle Integration. A few key takeaways from the 1-hour event include:
Understand that investors will expect enterprise-grade technology built in from Day 1.
Remember the advantages of the cloud: a predictable cost, flexibility and scalability (“tech on demand”), enterprise security, and professional management and monitoring.
Compare both the benefits and disadvantages of a “master fund” versus a “side-by-side” structure (e.g. the master fund allows for one set of books and trades, while the side-by-side structure allows for more tax flexibility).
Show investors that you have a 3+ year budget for working capital without any performance fees.