Cybercrime is on the rise. While data breaches at large organizations from SWIFT to the IRS make front-page news, no company, large or small, is immune. Hedge funds, fund administrators and other firms whose success is built on trust and establishing strong investor relationships stand to lose a lot from a cyberattack. If data integrity or client privacy is compromised, the long-term reputational scar on the firm can far outweigh any monetary cost.
And it’s not just client information that is at risk. Cybercriminals have been known to commit data piracy — stealing a company’s proprietary algorithms and other important information and holding it for ransom.
To lessen the chance that your firm becomes another cyber statistic, here are some of the key risks and how to safeguard against them.
Cybersecurity isn’t just about technology. While anti-virus software and other applications offer some protection, another issue – and one that is harder to manage because it is less prescriptive – is the human element.
According to research from MetricStream, more than 66% of financial services firms (including asset management) experienced a cybersecurity attack in 2015. Nearly half of those breaches came from employees who unknowingly provided a conduit for a cybercriminal.
Managing the human risk begins with employee training. Teach employees to recognize a cyber threat/cyber scam and establish protocols for handling and containing a breach.
With the enormous amount of information available online and client demand for 24/7 access across multiple devices, it is harder than ever to protect every link in the technology chain. Unsecured devices, public Wi-Fi networks and sloppy cyber hygiene provide an open door for cybercriminals.
To mitigate connectivity risk, limit the use of personal and unmonitored devices for work, ensure sensitive data is encrypted, use two-step verification and require regular password changes.
Smaller firms with limited technology budgets, staff and expertise are the most vulnerable to attacks. Trojans, malware, viruses, hackers and other infiltrators can exploit loopholes in security and wreak havoc on a company’s systems and data.
Basic precautions go a long way to curbing operational risk. Monitor systems and applications regularly to ensure software is up to date and virus protection is installed. At the same time, don’t skimp on technology or IT support.
Sharing too much information (TMI) on social media and corporate websites can expose a company to one of the latest cyber schemes – executive impersonation.
Executive impersonation occurs when perpetrators hack into a company website and mine social media to identify key contacts and procedural information. Posing as a company executive, they request a wire transfer or other financial transaction that appears legitimate. An unsuspecting employee approves the request and transfers the funds to the perpetrator’s account. According to the FBI, executive impersonation scams have impacted more than 22,000 companies around the world and resulted in over $3 billion in losses.
Prevent executive impersonation with a combination of employee training and stringent policies for use of social media. In addition, establish protocols for financial transactions that require multi-level authentication, verification and authorization.
Often overlooked, third-party risk is a growing concern due to increased outsourcing of key processes and the global nature of business. Less than half of alternative asset managers are focused on third-party data oversight, which poses an “unmitigated cyber risk,” according to KPMG.
To reduce third-party risk, know your vendor ecosystem. Perform regular due diligence on your vendors and their subcontractors, and establish contractually dictated protocols for security.
There is no room for complacency with cybersecurity. The best defense is a strong offense. Firms that proactively implement policies and procedures to identify risks, protect data and close loopholes will be on sound footing to safeguard against cybercrime. FundCount takes security seriously. Our software supports industry-standard security protocols for data storage, connectivity and application-level user access to help mitigate cyber risks.