If you follow the news, you’ve no doubt seen several high profile cases of hacking over the last few years, including those that have occurred at eBay, JPMorgan, and Sony, to name just a few. Hackers have developed highly realistic methods for infiltrating organizations, making it even more challenging to catch attacks before they occur. But just because you aren’t a huge corporation doesn’t mean that you are immune from hacking.
In recent years, hedge funds have become lucrative targets for hackers mainly for the vast wealth of personally identifiable information that they can hold at any one time. Personally identifiable information, also known as PII, is defined as any information about an individual that identifies, links, relates, or is unique to that individual. This can include financial information, social security numbers, medical information, or anything that can be used to trace an individual’s identity, such as place and date of birth.
Because of the valuable information contained within a hedge fund, investors are now taking due diligence very seriously. Investors want to ensure that there are appropriate protections in place to prevent their data from being exposed. Even if you think your hedge fund is immune, the consequences of a potential breach are far too great not to take precautions. Aside from monetary loss, which you could potentially earn back over time, reputational damage and loss of investor trust is near impossible to recover. Loss of investor trust can be devastating to a hedge fund, because if individual investors begin withdrawing funds, it can set off a chain reaction, ultimately leading to the fund’s collapse.
Even though hedge funds will likely remain targets for hackers over the long term, there are several steps you can take to safeguard your fund from an attack, or to lessen the chances of data leaving your organization. Many of these steps are quite simple to implement, and have to do with safeguarding data and putting appropriate policies in place to minimize damage if a network is breached. If you’re starting from scratch, ensure that your firm’s passwords stay updated and employ a combination of numbers, letters, and characters- this makes them harder to guess. Blocking the use of social media sites on your corporate network is also a prudent step, but if social media sites are available, you should warn employees not to post personally identifying information or to download files while at work.
Data Governance is becoming another important component of staying secure. Data governance and auditing solutions allow funds to identify the locations and usage of critical data pieces, and ensure that the data assets are formally managed throughout the organization. By providing real time alerts based on specific rules, data governance policies can provide hedge funds with decision making confidence and peace of mind by ensuring that the appropriate personnel understand exactly how and where data is used. The SEC has also begun to place guidelines on data usage and access control, so upholding data protection policies is now largely a requirement.
Training is also a critical piece in preventing breaches from occurring at your hedge fund. You should hold seminars to educate employees on how to recognize the different types of threats, such as spear phishing, or how to guard against certain types of socially engineered attacks. Many of these attacks are very difficult to recognize, so taking time to train employees is necessary.
In addition to implementing best practices and training across the office, there are several next generation cyber security solutions emerging that can help hedge funds stay ahead of the threat landscape. In addition to standard antivirus protection and firewalls, which prevent hackers from obtaining access to a hedge fund’s hard drive, there are new solutions that use math and machine learning capabilities to recognize and prevent against attacks before they occur.