5 Critical Cyber Security Measures for Hedge Funds

As recently as two years ago, hedge fund managers were getting by with just a cursory nod to cyber security, but the past year has seen the pressure on these firms build intensely. As funds move their operations to the web and cloud platforms, hackers have started targeting them with sophisticated new attack methods. Government agencies, concerned about the potential for these criminals to sabotage global finance, are demanding stronger defenses.

It all leaves hedge funds in a tight spot, wondering how to get started on their initiatives and make the most of the investment. To help you figure it out, we’ve put together this list of five critical cyber security measures hedge funds can take.

1. Get a vulnerability and risk assessment.
Before any company can build a plan for protection, the leadership needs to understand what it is they are protecting. This is something that’s unique to every organization and based on its network structure, technology assets, and data. Working with an experienced third-party vendor to assess your security needs and help you prioritize your efforts is a great first step.

2. Educate and test employees.
Everyone on a hedge fund manager’s team has a role to play in the protection of sensitive data. Structuring a well-defined privacy policy and offering privacy training are critical. You can test your team’s skills with third-party assessments focusing on social engineering. With phishing being a particularly common attack type at financial firms, you’ll want to be sure your assessor is using the latest phishing assessment techniques.

3. Get SEC compliant.
The SEC is pushing hard for hedge funds to meet the security requirements it has adopted from NIST. An experienced third-party consultant who understands both NIST and the finance sector is your best option to get SEC compliant.

4. Close the compliance gap.
While compliance is a strong foundation for a security program, it is not the entire picture. With compliance models averaging two years old, many of the controls are lagging behind today’s standards. To get a sound cyber security program, you need to implement proactive security practices in the areas of monitoring, reporting and auditing. While this may seem like a tall order for a smaller firm, managed security services make it possible, regardless of a fund’s size.

5. Start pen testing.
You might already use basic scanning software for cyber security, and vulnerability scans should be a part of your program’s routine. However, hackers are now, more than ever, using original methods that these kinds of programs simply won’t catch. The solution is to fight fire with fire, bringing in skilled ethical hackers to conduct pen testing and find exploits before the bad guys do.

Gotham Security specializes in providing the cyber security services a financial firm needs to get compliant and maintain an affordable security program that actually works. For more information on us and our solutions, visit gotham-security.com. You can also start a conversation with one of our experts by contacting us at info@gotham-security.com or 917-734-4120.