7 Tips to Strengthen Hedge Fund IT Security

Hedge fund networks are increasingly targeted by hackers. To keep your hedge fund data safe, here are some hedge fund IT security tips.

21 January 2015

As a hedge fund manager, protecting your clients’ information is your responsibility. Unfortunately, with millions of dollars involved, hedge fund networks are increasingly the targets of criminal cyber rings.

These hacker groups see hedge funds as relatively easy targets — and too often, they are probably right. And we need only look at the example of Sony Corp. to see how even how large firms with vast resources can be vulnerable to attack.

In a previous blog, we mentioned the areas of vulnerability hedge funds can present. There is a lot at risk through a hedge fund cyber-attack: customer and employee data, the fund’s secret sauce, and so on. For managers, being able to demonstrate top-notch security is almost certainly going to become a competitive advantage in attracting clients.

Now, we’ll look at things you can do to address these security gaps.

Assessing your Hedge Fund’s IT Security Readiness

As you prepare an approach and plan to securing your data, here are seven tasks to consider:

  1. Map your enterprise. Do you know what resides behind your network perimeter? For instance, have you ever taken inventory of such things as how many servers and applications are there, and on what platforms? Are these systems accessible to the Internet?
  2. Check for the security technology basics. Are there adequate antivirus and network monitoring systems implemented? Do you have systems in place that detect suspicious network activity? Do you back up data? Do you have a contingency plan?
  3. Review your solution vendors and providers. Are your IT resources proven secure? For instance, can you see if they have security accreditations? Are you using outsourced services for email or storage? Do you know how well these cloud services protect your information and content?
  4. Protect your data and files. Data are among your most precious assets. You must consider how to shield them, both at rest and in transit. How easy is it to access your network? Have you thought about vulnerabilities that might appear during customer access sessions — or when there is a fund transfer request? Do your IT solutions providers offer centralized visibility and compliance monitoring capabilities for your documents? Have you considered high-level advanced encryption standard (AES) protection? Did you know there are also customer managed key technologies available for even greater security empowerment?
  5. Closely evaluate your collaboration and data sharing solutions. Is anyone at your company using consumer-grade file sync and share (FSS) solutions? Remember, such applications could cause data leakage if they do not have the proper security and controls in place, according to a recent survey.
  6. Create internal policies. Define best practices for security and confidentiality. (This includes such things as planning the best way for an employee to access or share customer data, as needed.) Then establish a procedure for internal governance that ensures compliance to these guidelines.
  7. Prepare your people. Train your employees in security best practices regularly. Commit the resources to teach them — because without their compliance, any tech solution is bound to fail.

We hope this is useful. Want to read more about hedge fund security? Click here for more information.

Marc Songini

Marc Songini

Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.