Cybersecurity is not a subject that comes racing to mind when thinking about hedge funds. I certainly hadn’t given it much thought before today. But upon discovering an HFA event on this topic, I was eager to expand my understanding.
Hosted at the British Consulate General in San Francisco, I was fascinated to learn about cybersecurity and some of the real issues that face fund managers today. Here are my 12 takeaways:
- Firms should guard against “Reputational Risk”. i.e. the risk that a client’s trust in a firm or institution is irreparably damaged with a hack.
- Even mere pieces of client information is valuable on the dark web, where it can be pieced together to build a more complete, and potentially damaging profile.
- The Average hack takes 208 days.
- Hackers can potentially frame, bribe, or coerce employees into participating.
- Some hacks aren’t what you’d expect. For example:
- One hacker actually took over a corporations’s infrastructure in order to produce Bitcoin.
- Another hacker broke into a firms biometric system to add finger prints to the system.
- And yet another involved vending machines at a company that uploaded employee information to the cloud without the firm’s knowledge or approval.
- Insurance on hacks can be purchased “quite cheaply”
- It’s surprising how many people keep passwords in files or documents named, “passwords”.
- A specific hedge fund was using cybersecurity as a way to differentiate themselves.
- AITEC: This is a society for hedge fund CTO’s. Who knew?
- If you get hacked, contact the FBI right away. There’s no reason not to. And there’s a much higher chance of catching the hacker if you do.
- The number of “attack surfaces” is multiplying. Particularly due to smart devices.
- Various Recommendations:
- Disable automatic links. That link to 1-800-Flowers you see may be a trap. Copy and Pasting URL’s creates an extra step with which to prevent hacks.
- Use encrypted emails with clients to guard against sensitive information.
- Use two cell phones. One for Uber and one for sensitive information.
- Password Keeper has been shown to be an effective tool.