Hedge Fund Managers: Have You Considered Cybersecurity? Part 2
Hedge fund managers, have you considered cybersecurity? In part two of our series, you'll learn preparatory steps to secure your information.
20 November 2014
The first blog in this series noted that in recent years, hedge fund managers have collectively spent an enormous amount of time and money in automating their systems. But they probably haven’t matched that cash and effort in securing their systems, networks, and processes.
But these days, cybersecurity is paramount, as hackers are attacking any business that can potentially yield information and cash. While currently cyber criminals appear focused mostly on retailers, they are also penetrating hedge funds. Naturally, Wall Street is a tempting target.
So now is a great time to ask yourself: “Where am I vulnerable and what can I do about it?”
Hedge Fund Managers: Where is your Data Exposure?
Let’s review some data types that hackers might try to steal. These include:
- Clients IDs
- Social Security numbers
- Bank and custodial account information
- Your proprietary investment strategy data — the precious “special sauce”
Who Will See Your Hedge Fund Data?
Next, ask yourself where this data is stored and where it will go — both inside and outside your firewall. The recipients of hedge fund data can include:
- Business colleagues
- Prospects and clients
- Third party vendors
- State or federal regulators
And as we all know, the prevalence of cloud-based or file sharing service providers has made distributing data inside and outside of the enterprise all but inevitable. You and your employees may be opening data and content to organizations and people who don’t necessarily have strong security, or control over how your documents are used, shared, or stored.
You may do business with companies whose employees will take your data and share it with whomever they wish. And the consequences of a data breach could be disastrous to your business. (To read more on the topic of long-term content control, I suggest this Ovum research report: “Content is the New Perimeter.”)
Do You Have a Cybersecurity Plan?
But before you can strengthen your security, you must understand all your existing risks and vulnerabilities thoroughly. This means building a comprehensive security plan — the process isn’t just about buying anti-virus software or creating a rigid password policy.
To get the big picture, here a few preparatory steps you can take:
- Educate yourself. Forewarned is truly forearmed. Thoroughly understand the importance of, and the procedures around, security, data privacy and compliance.
- Perform a deep risk assessment dive. You can’t predict and address potential privacy risks without knowing what technologies are deployed in your enterprise.
- Define best practices. Create security and confidentiality protocols for your business — then establish a procedure for internal governance to uphold these policies.
- Teach your employees. Plan to regularly educate your employees about best practices — such as how to access a customer record securely. Training is frequently expensive and time consuming, but it pays big dividends.
This is just a start. In the next and final blog in this series, we’ll share more details on how you can make your hedge fund business secure. You owe it to your clients to do so.
Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.