Drawbridge knows a thing or two about mitigating cyber risks among Hedge Funds.
Drawbridge is the leading cyber provider among Alternative Investment Managers, serving over 1,000 clients. Read about the three most commonly overlooked cyber risks that Drawbridge typically finds and helps solve when engaging with new Hedge Fund clients.
- Limit access from personal emails
Of all our Hedge Fund clients, 61% come to Drawbridge with personal email access policies that leave them vulnerable to a cyber attack. Personal email accounts often lack the strict security measures typical of corporate email accounts, such as encryption or multi-factor authentication. The lack of these controls makes it easier for criminals to gain unauthorized access. With this access, an attacker can lock the account holder out and use the email account to reach more private data, such as financial records.
Addressing this risk requires you to:
- Set strict rules and controls regarding personal email use.
- Severely limit system access to personal email accounts.
- Educate employees on the warning signs of phishing scams and other common attacks.
- Identify and prohibit the use of unauthorized file-sharing programs
Using unauthorized file-sharing programs is common. However, such programs can be used to exfiltrate, or steal, your data and to introduce malware into your system. In fact, 55% of our Hedge Fund clients come to Drawbridge with vulnerabilities regarding the use of file-sharing solutions.
To protect your data from vulnerabilities introduced via unauthorized file-sharing programs, consider:
- Creating a detailed inventory of all data and data sources.
- Assessing the cybersecurity practices of individual staff members.
- Blocking employee access to unauthorized file-sharing solutions while working from the office or remotely.
- Reduce or eliminate use of public WiFi by staff members
Public WiFi networks are often unencrypted, making them vulnerable to attacks where cybercriminals intercept any data transmitted over the network. Such exposure of sensitive financial information can lead to compromised login credentials and other major data breaches.
Additionally, attackers can set up fake WiFi hotspots to trick employees into connecting, further increasing the risk of data breaches. Drawbridge sees that 61% of our Hedge Fund clients have pitfalls in their cyber program around staff use of public WiFi, leaving their firm more vulnerable to a cyber attack.
To mitigate the risk of public WiFi, consider:
- Setting clear policies on the use of public networks and devices.
- Deploying dedicated hotspots for critical staff within the firm to isolate work activities from unsecured networks.
- Using password-protected mobile hotspots whenever possible.
- Implementing additional cybersecurity measures for mobile devices, such as virtual private networks (VPNs).
Recommended next steps — Complete an independent Cyber Risk Assessment with Drawbridge.
The first step to improving your hedge fund’s cybersecurity strategy is a comprehensive Cyber Risk Assessment (CRA) from Drawbridge. With a CRA, you can identify key vulnerabilities in your existing system and choose which areas to prioritize for remediation with the guidance of Drawbridge’s Advisory Team.
Speak with a Drawbridge representative to get started.