Reduce the risk of phishing attacks.
Despite the rising profile of phishing, 23% of recipients still open phishing messages and 11% click on attachments, according to Verizon’s 2015 Data Breach Investigations Report. There is a definite need for greater employee education and training, but this must combined with web browser and email protection and policies that prevent employees from installing unnecessary plug-ins or add-ons. As a preventative measure, make sure to scan all email attachments.
Protect your mobile devices.
Mobile devices are a gateway to your corporate network and must be adequately protected. Hackers targeting mobile device browsers can compromise the entire phone bypassing a phone’s many system level security features. Applications infected with malware are on the increase and pose a significant threat to mobile security.
Ensure your cloud is secure.
Cloud services should always be visible to your firm’s IT department, and regularly screened to ensure that security and compliance best practices are being followed. Employee purchased cloud
services are a huge risk to hedge funds, and consumer grade file sync and share services are among the most common services being used. Use a combination of employee education, policy and approved alternatives to discourage employees from using these services.
Be on the lookout for Ransomware.
Ransomware threats are growing, according to Kaspersky Lab in a recent “2016 Predictions” blog post. While the most current mainstream ransomware threats mainly focus on Windows users, ransomware creators are switching their attention to new platforms, with Mac OS X and Linux appearing as future targets. IoT devices are also easy targets for ransomware creators.
Keep your data secure.
With so much data travelling via the internet, ensuring that you take steps to protect it is essential. While encryption remains a popular and effective first step at keeping data secure, newer, more efficient methods are beginning to appear. Due to these advances in data protection methods, hedge funds are beginning to move away from data encryption to a newer form of data security that allows for the complete control of data. Instead of focusing on locking data files in place and controlling specific actions in regards to data access (for example, within the corporate network), this new form of data security focuses on the control of the data itself.