






updated software systems, some have inadequate password conventions and firewalls, and
others do not know how to safely transmit confidential information.

With the right security and software, however, confidential information and the integrity of a
fund’s data can be protected.


Cybersecurity Best Practices and Points of Vulnerability

Fund managers should have compliance policies and procedures in place for protecting data.
To this end, firms must look to identify the sensitive types of data shared with third parties that
should be granted a certain level of security against hacking. Data types that are of the utmost
importance to protect can include non-disclosed financials, portfolio financials, deal-making
financials, confidential trading data and non-public market-making data, and investor
information.

Breaches that access these data types could potentially have severe impacts on firms and the
wider marketplace, depending on whether information is stolen, tampered with or manipulated in
some other way. At stake for firms that use legacy non-secured systems can be financial losses,
a negatively impacted corporate reputation, and even regulatory investigation and fines.

For example, the Ponemon Institute found in a study of 59 firms it recently conducted for
Hewlett-Packard that the annual cost of dealing with cybersecurity among financial services
companies was estimated to average $20.8 million in 2014.

Overall, there are a number of measures and controls that technologists at fund managers can
take to ensure they are adequately securing financial information. In relation to third party
providers, it is essential for funds to have a strong due diligence process in place for vetting
their vendors and any counterparties with which they do business.

For instance, it’s important to understand what a third party’s internal policies are for protecting
and securing data, and also what a firm’s contract with them requires in terms of data security.

In conducting due diligence around their third parties’ cyber controls, fund managers can
minimize the risk of an attack on their confidential data through their third-party providers and
gain a greater understanding of their larger network infrastructure.

Proactive due diligence, combined with ongoing workflow reviews either manually or through
technology, will allow firms to anticipate attacks and monitor patterns for signs of possible
breaches. This element of defense is essential in order to prevent data breaches altogether and
stem the costs of responding to hacks.

Increased regulatory focus on cyber regulations illustrates that the discussion of how firms can
better protect themselves against cyber-attacks is not going away anytime soon. As the
14 Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
