If there’s one thing we’ve learned over the years when it comes to cyber security, it’s that there’s a whole lot more to creating a secure investment firm than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.
Under the Radar: Low Security
If your attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how cybersecurity risk management can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take an “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.
Play it Safe: Moderate Security
In a typical moderate fashion, if this is your security attitude you probably fall somewhere in the middle. You’re employing practices and protocols just enough to get by and feel secure – but there’s still plenty more you could do. In many cases, you rely solely on the IT department or managed service provider to handle security and don’t involve other areas of the business. You send a once-off communication to employees to change their passwords – but don’t follow up on it or enforce it on a regular basis. You may be protected against moderate security threats but could suffer if a serious breach occurs.
Lock it Down: High Security
If your attitude toward security is at the highest level, congratulations! While one could argue there is always more that can be done with regard to security, you’re at the front of the pack and taking it seriously (as you should). You employ best practices across the firm and document policies and procedures to outline technology and operational priorities and safeguards. Moreover, you take the time to educate and train your employees on security awareness on a regular basis. You take a proactive stance toward security, ensuring it becomes a company-wide effort and engaging all users in preventing and responding to security incidents. Your demonstrated awareness of the importance of security will serve you well in the event a breach or incident occurs.
Have you figured out where you stack up? The chart below further identifies characteristics and trademarks of these security profiles.
For more guidance on security best practices for hedge funds and private equity, check out these resources:
- Top 10 IT Security Audit Gaps and How to Avoid Them
- Essential Building Blocks to Hedge Fund Cyber Risk Management
- Here Are Investment Managers’ Biggest Cyber Security Fears
Editor’s Note: This article originally appears on Eze Castle Integration’s corporate blog, HedgeIT, here: https://www.eci.com/blog/15700-hedge-funds-and-private-equity-firms-whats-your-security-attitude.html