Event Notes: Cybersecurity Challenges & Preparedness for Emerging Managers

Cybersecurity is not a subject that comes racing to mind when thinking about hedge funds.  I certainly hadn’t given it much thought before today.  But upon discovering an HFA event on this topic, I was eager to expand my understanding.

The event was hosted at the British Consulate General in San Francisco, and I was fascinated to learn about cybersecurity and some of the real issues that face fund managers today.  Here are my 12 takeaways:

  1. Firms should guard against “Reputational Risk”, i.e. the risk that a client’s trust in a firm or institution is irreparably damaged by a hack.
  2. Even mere pieces of client information are valuable on the dark web, where they can be pieced together to build a more complete and potentially damaging profile.
  3. The average hack takes 208 days.
  4. Hackers can potentially frame, bribe, or coerce employees into participating.
  5. Some hacks aren’t what you’d expect.  For example:
    1. One hacker actually took over a corporation’s infrastructure in order to produce Bitcoin.
    2. Another hacker broke into a firm’s biometric system to add fingerprints to the system.
    3. And yet another involved vending machines at a company that uploaded employee information to the cloud without the firm’s knowledge or approval.
  6. Insurance on hacks can be purchased “quite cheaply”.
  7. It’s surprising how many people keep passwords in files or documents named “passwords”.
  8. A specific hedge fund was using cybersecurity as a way to differentiate itself.
  9. AITEC: This is a society for hedge fund CTOs.  Who knew?
  10. If you get hacked, contact the FBI right away.  There’s no reason not to.  And there’s a much higher chance of catching the hacker if you do.
  11. The number of “attack surfaces” is multiplying, particularly due to smart devices.
  12. Various Recommendations:
    1. Disable automatic links.  That link to 1-800-Flowers you see may be a trap.  Copying and pasting URLs creates an extra step with which to prevent hacks.
    2. Use encrypted emails with clients to guard sensitive information.
    3. Use two cell phones.  One for Uber and one for sensitive information.
    4. Password Keeper has been shown to be an effective tool.