Cybersecurity Strategy: A Quick Guide
When it comes to planning your hedge fund’s cybersecurity strategy, the options can be endless and somewhat overwhelming. Here at RFA, we’ve mapped out a simple guide with key best practices and accompanying action items, so you know exactly what steps to take when designing your policies. Read on to learn more.
Conduct a data protection best practices consultation with your IT provider. Your provider should work with you to address the best ways to keep your firm’s critical data, such as critical investor information, network passwords, and bank statements, secure. This can include implementing staff training, password policies, and access rules for certain folders and documents.
Passwords: Change passwords every three months, and ensure they are at least eight characters long with a mixture of upper- and lower-case letters, numbers, and special characters.
Personal Information: Limit access to private information and never share it by email or over the phone, to minimize the risk of phishing.
Limit social media use: If your firm hasn’t blocked social media use, as many financial services firms have, avoid posting personal information or your whereabouts, and avoid downloading files from peer-to-peer networking sites.
Install a firewall for network security. You should install a dedicated security gateway to protect your firm’s network from unauthorized external threats.
Implement anti-virus software. One of the most basic steps you can take to keep your firm protected is to install anti-virus software. Next-generation antivirus software works to protect against threats in real time and provides more coverage than regular antivirus solutions.
Install secure email. One of the benefits of installing a secure email solution is an additional layer of security and customer service that general public email providers don’t provide.
Practice secure web browsing. Your IT provider should implement a web content filter that identifies malicious content from websites to minimize potential threats.
Utilize mobile device management (MDM) tools. Mobile device management tools work to protect information that is sent from mobile phones by ensuring the device can be wiped remotely, and by enforcing safeguards that protect private data.
Implement data governance policies. Work with your IT provider to implement data governance and auditing services so that you can track and locate sensitive information on your firm’s network, and ensure that it is only being used for its intended purposes.
Make sure your data is being backed up regularly. Ensure that you are backing up your data offsite and using a tapeless method. Offsite tapeless backup provides additional layers of redundancy in case any critical information is lost or compromised.