Recent news about Facebook will make investment operations managers double check how secure their middle- and back-offices are.
Misuse of data taken from Facebook users without their knowledge raises questions about the security of our personal information in the cyber world, and as operations manager, you want to ensure that sensitive information of your clients isn’t compromised either.
Sadly, what’s happened with Facebook isn’t the first instance of a data breach, and it may not be the last.
But hedge funds, family offices, and wealth and asset managers can do their part in preventing themselves and their clients from being victims.
Investment Management Operations Security Best Practices
Change Passwords Regularly
Some website security experts will say you should change your password 2-3 times a year and others will suggest “several” times each year. If you ever suspect your password could be floating around, change it immediately.
However often you choose, do change your passwords frequently enough.
Change Passwords When an Employee Leaves the Firm
If one of your middle- or back-office staffers has left the team, they’ll likely know the passwords to access sensitive files. While it’s unfair to assume every former employee will do something maliciously with client data, it’s still not worth the risk to think you can leave all the passwords as they are.
Follow best practices and change passwords immediately.
When Changing Passwords, Create Unique Ones Each Time
It’s common to simply add an extra number at the end of your password every time you change it, but if you change your password from “blueberry!@1” to “blueberry!@2”, it’s not that hard for a hacker to figure out the possibilities.
Now if you change your password from “BlueX1!berry@” to “0c3anBloo!@%x”, then it’s not so easy to guess.
Require Passwords to Log On to Office Computers
When turning on the computer, a password should always be required for use, and that includes when the desktop is idle for a specified period of time. In a worst-case scenario that your office is burglarized, you don’t want a criminal to easily access private information without a password.
If you can’t stop a break-in, at least make it hard for the bad guys to get hold of sensitive data.
Make Sure Your Anti-Virus Software Is Updated
New viruses regularly threaten computers, and the moment a new one has been discovered, your hardware could be at risk.
Check for updates regularly, and don’t wait to find out what could happen if you aren’t on the latest version.
Consider the best antivirus software for 2018.
Monitor Employee Computer Activity
Employee monitoring software is a good way to ensure that sensitive data is not being misused. Not only will you better track the information, but your team members will be more productive knowing they are being closely watched.
As an example, you don’t want team members taking secret information and transferring it to their personal cloud or Google drive.
For extra measure, install security cameras in your office.
Have Secure Networks
If your company is using WiFi, it should always be password protected. If you’re using a wired network, make sure it’s physically secured and that the proper firewalls and encryption capabilities are in place to prevent your network from hackers and exposure to the public.
Regulate Your Employees’ Usage of Personal Electronic Devices
Another way to prevent data breaches is by regulating staff members’ use of personal electronics while in the office. Establish rules stating that personal smartphones and tablets can only be used outside the office ensures photo or video of sensitive records will not occur.
Also, don’t forget about personal storage devices like USB flash drives and blank CDs.
With safety measures in place, it’s a good idea to have these best practices as a company policy. You can read more about creating cyber security policy for staff members in one of our previous blogs.
Ensuring Middle- and Back-Office Operations Security
By acknowledging that data breaches are a reality and a threat to any investment management firm, you recognize that steps must be taken to protect your company.
By following a list of best practices ranging from password protection to secure networks, and from monitoring systems to regulation of personal electronic devices (all according to policy you created), you are taking all the proper precautions in preventing hackers from harming the most treasured part of your business: your clients.
Empaxis is a leading provider of middle- and back-office outsourcing services
for family offices, hedge funds, wealth and asset managers.