Author Archives: Thrive

6 Questions to Ask When Selecting a Cloud Provider

The cloud is growing up. It’s past the infancy when it first started getting noticed, and it’s well beyond those teen years when everyone was trying to figure it out. According to a Forrester report, the cloud has finally entered its “young adult years.” This is when things get serious—and adult decisions need to be made.

So, if you’re moving to the cloud, or even just switching providers, here are six questions that you need answered, and what to check for in an SLA (service level agreement).

How Should I Migrate?

There are several approaches available, and a reputable cloud provider will walk you through each. Every situation is different, but it could come down to matters of cost, immediacy requirements, and the existence of expensive legacy systems. The three ways most organizations choose to migrate are:

  • Lift and Shift: Replicating all on-premise workloads and moving them into the cloud, regardless of compatibility.
  • Hybrid or Replatforming: Lifting and shifting some on-premise workloads into the cloud, while keeping sensitive data in a private cloud, or gradually “up-versioning” workloads to take advantage of the new cloud environment and moving over time.
  • Re-architecting: Rebuilding and recoding an organization’s entire infrastructure to have it fully optimized in a new cloud environment, operating as a true “cloud native.”

What Uptime Can I Expect?

The industry standard for uptime is measured in percentages based on how many nines are included. For example, 99% uptime (“two nines”) is the equivalent of three days of downtime per year; however, partner with a provider offering 99.99% uptime (“four nines”), and downtime drops to under 1 hour per year—just a few seconds per day. The provider’s SLA should spell out acceptable (to you) performance parameters, applications and services that are covered, monitoring procedures, and a schedule for remediation if a downtime event does occur, such as a power outage. You should also look for a liquidated damages section, highlighting penalties the provider will incur if the terms of data protection in the SLA are not met.

How is Security Maintained?

Studies show that at least 95% of cloud security failures will be a result of the user, not the cloud provider. However, a reputable, hands-on cloud provider will work with you to perform a vulnerability assessment to ensure your organization is safe. Following the initial assessment, your cloud provider should offer security analytics and ongoing visibility of vulnerabilities through continuous monitoring. This provides a layer of protection against threats, while enabling organizations to better predict, detect, and prevent security incidents. Think of your provider as augmenting your own internal staff, complementing their efforts with even greater security measures.

How Do You Protect from Natural Disaster?

Natural disasters cost the United States economy a record $306 billion last year alone, so never shy away from asking a potential provider about how they’re prepared to protect your data. After all, no matter where your provider’s data center is located, there is always going to be some form of natural disaster, whether it’s a hurricane in the Southeast, a tornado in the Midwest or a wildfire on the West Coast. Questions to ask include:

  • What is your Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
  • Do you have an Uninterruptible Power Supply (UPS)?
  • Are you a safe distance from flood zones?
  • Are your structures hurricane rated and/or tornado resistant?
  • Do you have N+1 redundancy in the event of disaster?

What Compliance Do You Offer?

No matter your industry, you’ll want to be sure your provider has achieved SOC 2 certification, which offers proof that their system is designed to keep sensitive data secure. Other industry regulations you’ll want to look for include:

  • PCI DSS for businesses collecting credit card and payment information.
  • CJIS compliance for government, state, and local agencies dealing with background history and fingerprints.
  • HIPAA/HITECH for protecting the healthcare data of patients.

You may also want to ask potential providers about their understanding of Europe’s GDPR, or General Data Protection Regulation. GDPR compliance involves a complex set of regulations for organizations operating on a global scale. 2019 is expected to be the year the impact of GDPR is truly felt (and serious fines for not abiding are handed out), so it’s wise to ensure they’re knowledgeable about it.

What If I Choose to Leave Your Cloud?

Some public cloud providers make it easy to move your data into their cloud, but make it extremely difficult to take it out (known as cloud repatriation). We call it the “Hotel California” effect, wherein the provider will hold your data hostage, only releasing it after securing payment of potentially tens of thousands of dollars (often charged per gigabyte, which adds up quickly). Even worse, some public clouds never return the data—at least, not in a usable format. Instead, you may get an Excel export of data that’s impossible to work with, requiring it to be completely rebuilt. Be sure to ask providers about their repatriation policy, and get it in writing that the cost will be minimal and that data will be safely returned in the agreed-upon format.

83% of enterprise workloads will be in the cloud by 2020. However, this rapid pace of adoption should not have organizations rushing in without a good understanding of what they’re getting into. A reputable provider will be very transparent, providing clear answers to all your questions as well as an easy-to-read SLA. If you’re considering moving to the cloud, or changing providers, contact Thrive. We are Florida’s preferred cloud provider, and we will work with you to make your move seamless, quick, and efficient.

How Hedge Fund Managers Can Use Technology to Increase Operational Efficiency

Companies today are utilizing a myriad of innovative technologies that change the way they do business, including robotics, data science, big data, AI and even blockchain.

Although such ground-breaking technologies are becoming widely embraced in many sectors, their connection to hedge fund management, in particular, is still relatively new territory. After all, why would hedge fund managers need to use such technologies?

In short, you can sum up the driving force in one word: efficiency.


Free Up Time to Deepen Client Relationships

The good news is that increased efficiency gained through technology will improve both the cost and quality of your operation.

Unfortunately, many hedge fund firms are spending way too much time managing processes and not enough time managing their clients. Even though freeing up more time to develop stronger and deeper client relationships will take some up-front effort and commitment, many hedge fund managers are facing the challenge.

In fact, a majority (57%) of hedge fund managers are using technology to improve their operational efficiency in response to market disruptions and to avoid falling behind the industry, according to the EY 2017 Global Hedge Fund and Investor Survey: How will you embrace innovation to illuminate competitive advantages?

The survey adds that “recent advances in technology provide creative solutions for hedge fund managers in supporting operating models that add to the bottom line, rather than reduce it.”

In addition, the survey reports that “40% of the more than 100 hedge fund managers surveyed plan to invest in automating manual processes, and more than a quarter (27%) have or will be making investments in AI and robotics to strengthen their middle and back office.”

Robotic Process Automation: A Promising Tool

One promising tool that many firms see value in and are interested in adopting is Robotic Process Automation (RPA).

As the name implies, RPA automates routine and repetitive business processes. RPA essentially allows your business to operate better and more consistently by automating processes that occur multiple times each day or each week.

Automating processes like file management and reconciliation frees you up to use exception management for priorities that require much more brainpower.

How should a hedge fund approach not only technology — but the right technology — to improve efficiency? And what are some best practices involved in executing an efficiency improvement plan?

Putting Your Process Automation Plans in Motion

Then, once you develop your own unique list of processes you want to automate, follow these steps to set your operational process automation plans in motion:

  1. Don’t just list, but fully understand what all of your processes are and which ones are clearly repetitive and may potentially benefit from automation.
  2. Document your processes and what they specifically involve.
  3. Observe these processes in action and improve the process, if possible, by iterating with the subject matter experts.
  4. Grade the processes. Assign rankings based on your own criteria. Questions you may want to consider include:
    • How repetitive is the task?
    • How precise does it have to be?
    • How much creative input is required?
    • How much time will this save by automating?

This approach will help you to determine which processes are truly your best candidates for automation.

  5. Consider the risks of automating various processes (e.g., think about how a robot would function — could it wrongly interpret something like a phishing email and send it to the wrong location, or access the Internet in a way that’s prohibited in your employee manual?).
  6. Research existing software that may work for your identified processes. There are dozens of products currently available, ranging from free to millions of dollars.
  7. Other things to consider when selecting software platforms and a third-party resource to help with your RPA project include:
    • Is the task scheduled or dynamic?
    • What oversight would you expect?
    • Do I have the resources to develop this internally?
    • What should the bot NOT be allowed to do (and what restrictions should I consider)?

Understandably, it might seem daunting to not only take on the task of automating your processes but to decide which technology is best for you and your clients.

Enlisting the help of a skilled IT partner who has demonstrated experience in hedge fund management can help you identify which processes would benefit from automation and assist in executing a plan.

 

Defining Your Business Strategy in a Digital World


Disruption is here to stay. The key is to leverage the right technology in ways that will provide you with the greatest return on your investment, including much improved operational efficiency for your firm.

Want to increase operational efficiency at your hedge fund? Contact us to explore the possibilities.

Telarus Signs Thrive Networks, Sharpen Technologies

Massachusetts-based Thrive Networks signed a deal with the master agent. The 4,000-some Telarus subagents can now sell the managed services of Thrive that include disaster recovery, cloud, security and networking.

CiSP Membership Provides Cybersecurity Consulting Clients an Additional “Thrive” Against Ongoing Threats

Anytime two entities engage in a mutually beneficial partnership, that typically results in a win-win for everyone involved.

As a new member of the UK’s National Cyber Security Centre’s (NCSC) Cyber Security Information Sharing Partnership (CiSP), we can now provide our UK cybersecurity consulting clients an additional “Thrive” against ongoing cyber threats. In fact, we’re the first managed services provider in the UK alternative investment space to obtain membership in CiSP.

Managed by the NCSC (formed in 2016 and part of the UK’s Government Communications Headquarters, or GCHQ), CiSP provides a forum for cybersecurity discussion as well as a platform for organizations to share intelligence gathered from their own computer networks.

According to the NCSC’s first annual review, tens of millions of cyber attacks are being blocked every week by industry partners who are implementing NCSC’s Active Cyber Defense program.

 

Ongoing Intelligence Feeds from Various Sources

To effectively manage cyber threats across the globe, Thrive Technology Group actually receives ongoing information feeds from a variety of sources, including CiSP, as part of our overall client security strategy. They include:

Cybersecurity is certainly a hot global topic that consistently generates a tremendous amount of “noise” and attention. Being an active CiSP member allows us to:

  • Increase our level of intelligence to find out what others in the financial industry are learning about cybersecurity.
  • Find out what the UK government is sharing with the cyber community about the latest threats.
  • Share our own cybersecurity threat intelligence with CiSP as part of our reciprocal relationship.

 

Separating Fact from Fiction

Our CiSP membership also allows Thrive to cut through secondary sources, including social media channels like Twitter and the media in general, and separate fact from fiction to find out what’s really happening in the UK cyber community.

For example, Thrive recently identified a spear phishing email that a client received involving someone impersonating a member of senior management who encouraged staff to buy gift cards for each other. We were then able to tap into CiSP and find out if any other companies experienced this same phishing attempt. Through this collaboration, we were able to supply useful information on the pattern of activity prior to the first attempt.

 

What Really Mattered to CiSP?

You may be wondering what it took for Thrive to gain membership in CiSP. Although achieving membership status wasn’t a lengthy or complex process, what Thrive had to offer is what really mattered to the CiSP Board of Directors.

Thrive appealed to the CiSP Board because of our extensive cyber presence in the UK. As a result, we can provide new insight and information based on our expertise running a public cloud, along with private networks, all while providing our 60 to 70 UK clients Internet access through our proprietary environment.

In addition to appealing to CiSP’s Board, we received sponsorship for membership from London’s Metropolitan Police. Our close ties to the Metropolitan Police mean that we can now leverage our incident response and business continuity plans by sharing information back and forth with the Metropolitan Police’s cybersecurity team.

This also allows Thrive to more easily reach out to the Metropolitan Police when needed, in addition to our normal UK government agency contacts such as the Information Commissioner’s Office and the Financial Conduct Authority, the UK’s counterpart to the U.S. Securities and Exchange Commission.

 

CiSP Membership Provides Several Client Advantages

Thrive’s CiSP membership involves several client advantages including:

Short-term Benefits

  • Ongoing cyber initiatives based on increased intelligence gathering.
  • Improved controls and procedures.
  • Increased capability to reduce cyber risk for clients through more available options.
  • Increased experience due to tighter relationships with industry peers and how they’re handling cyber threats.
  • Well-thought-out security improvements to the cyber environment.

Long-term Benefits

  • Ongoing proactive measures to promote high-level cybersecurity awareness (versus a “set it and forget it” approach).
  • Thrive’s ongoing commitment to CiSP based on our active involvement which, in turn, ensures continued membership status.
  • Thrive’s participation on committees and in various communities related to other active vendors.
  • A broad stream of reliable information and intelligence which filters out irrelevant “noise” to determine what’s really making a difference in cybersecurity.

Especially now that Thrive is a member of CiSP, we look forward to learning more about your cybersecurity concerns. We’ll then work together to map out a clear strategy against ongoing cyber threats. With the help of our increased intelligence gathering capabilities, resulting directly from our CiSP membership, your cybersecurity preparedness will become better than ever.

Take a Holistic Approach and Remain Vigilant About Cybersecurity Awareness 365 Days a Year . . . Not Just 31

As you’re probably aware, October is National Cyber Security Awareness Month (NCSAM). With all of the cybersecurity awareness being generated this month, that got us thinking. The posture toward ongoing vigilance against cyber attacks every day of the year—instead of only 31—should be the norm.

Going Well Beyond Traditional Security Measures

The good news is that by being proactive against cyber threats day in and day out, you won’t let your guard down for one minute. Common sense security measures abound, such as using strong passwords, not using the same passwords, two-factor authentication and not using public Wi-Fi.

And while these measures are important, there are much more robust, proactive and holistic cybersecurity measures that will help you avoid becoming compromised.

For example, it’s critical to analyze where the risks are in your business, like:

  • Where can you risk losing data?
  • What data is important to you? (e.g., personal banking information)
  • Where does the risky data reside?

Then, you can work out which systems you need to protect that data in the event of a cyber attack. For example, we employ thousands of sensors that are constantly monitoring cybersecurity threats for our clients around the world 24x7x365.

The Numbers Simply Don’t Lie

Just to provide you an idea of what we’ve been up to since January 1 of this year, consider the following 2018 cybersecurity statistics from Thrive (all figures year-to-date, as of 10/19/18):

  • Disrupted Inbound Connections Across Thrive Technology Group’s Global Presence: 251,648 blocked attempts to access publicly facing services in a malicious way.
  • Website Filtering Over the Entire Thrive Technology Group UK Client Base: 9 million of 640 million total website requests blocked as potentially dangerous, along with 24,000 malware blocks.
  • Mimecast Rejected Mail (Thrive Technology Group UK office only): 31,141 of 255,000 emails rejected as malicious or spam (12% of total volume).

As you can see, these numbers are staggering, and the year’s still not over yet.

When it comes to cybersecurity, we understand that you may have highly valid and specific concerns about next-gen antivirus measures or data loss prevention (DLP). However, your initial priority from a holistic standpoint should be to identify the most critical cyber risk that you’re trying to mitigate.

Determine what your problem and concerns are and then move forward to find the right cyber security solution, whether it ends up being a technology, procedure or control. You may even already have the solution in place, but you just don’t know it yet.

In the meantime, numerous websites cover cybersecurity in detail. Two of our favorites that provide excellent additional sources of information and advice are:

Next Steps with Thrive?

What does cyber security awareness with Thrive look like? First, we’ll work together on a cybersecurity audit that goes beyond cybersecurity and also covers the type of processing you use and your volume of data. We’ll then present our findings in a detailed report that points out your vulnerabilities. Be prepared, though, because what we’re liable to find can be quite revealing.

To learn more about obtaining a cybersecurity audit for your firm, please contact us to set up an appointment today.

And by the way, be sure to make cybersecurity awareness a 365-days-a-year commitment. The nefarious people behind today’s cyber threats never rest, and neither should you.

Data Security Best Practices for Mitigating Risk

Data protection for manufacturers is not easy. With increased cyber-attacks, regulation changes, shrinking budgets, and a complicated political cross-border environment – data security can feel like just another burden on the IT team.

Today’s growing manufacturing organizations face IT challenges that include increasing costs, evolving business requirements and aging technology. Finding new solutions that ensure the right processes and technology are in place is important to the growth of many manufacturing organizations. With these in place, attention can be turned to the important business of innovation and attracting/retaining top talent.

Agility In Manufacturing

A manufacturer becomes much more agile by finding solutions that not only improve processes but also bring together all the information needed to develop new products faster. Manufacturers also want to get those products through the supply chain and on to the customer more quickly and cost-effectively.

With malicious insiders, external hackers and natural disasters on the rise, manufacturers must be proactive in protecting their data to avoid losing their competitive edge and credibility in the marketplace.

For many IT departments, dealing with sensitive information and increased regulation around how the data is used and stored has created increased pressure. With structured and unstructured data, such as CAD files, source code, business processes, proprietary systems and formulas, being the most valuable intellectual property for manufacturers, finding systems to identify sensitive data is key to protecting organizations before a disaster happens. But for many manufacturers, the solutions are not cost-effective and don’t integrate well with legacy systems.

Out With The Old And In With The New

While finding new data security solutions can be hard for IT teams, the need to keep production running during an upgrade, paired with the uncertainty of what happens when you mix old and new systems, can be daunting.

The reality is that a large proportion of manufacturing organizations have some sort of legacy system to maintain. Machines of various vintages and conditions, a Manufacturing Execution System, or an aging AS/400 can create more complexity and the need for comprehensive heterogeneous options as departments try to implement new solutions.

Compliance And Regulation

In the past, manufacturers simply had to pass an occasional audit if regulations were in place. With increased data breaches and the government taking a regulated stance on cybersecurity, manufacturing organizations have had to increase education and implement new regulations and standards that they are required to follow.

With the implementation of GDPR, many organizations are having to find new ways to protect customer data along the supply chain, but understanding how the data is used and processed can be complicated.

7 Practical Tips To Protect Manufacturing From GDPR Fines

The EU General Data Protection Regulation (GDPR) was created to strengthen how organizations handle the valuable personal data they are responsible for, whether they collect and process the data or contract a third party. Below are seven tips to help you get started.

Communicate – Before collecting personal data, explain what data you’re collecting, how you’ll use it, where it will be housed and who it may be disclosed to. If there is a breach, ensure you have a process to let people know within the 72-hour window.

Know what personal data means – GDPR protects people’s personal data. Take extra care of data regarding address, race or ethnicity, age, marital status, political opinions, religion (beliefs or non-beliefs), physical or mental health (including disability), sexual orientation etc.

Uphold individuals’ rights – Individuals are entitled to see what personal data you hold, where and how it is being used. They can also request to be forgotten which means you only have a short period of time to remove their information. Ensure your data is easily found and erasable – even when archived.

Data minimization – Don’t keep personal data for longer than is necessary; make sure that personal data is destroyed securely and in full.

Store information securely – Create new company protocols to increase data security. Use strong passwords and encrypt all personal data held on portable devices (such as laptops, memory sticks, and tablets).

Education – Ensure all employees understand the importance of keeping data safe and secure and what the processes are in regards to sharing and communicating data.

Moving To The Cloud

IT departments looking for technology to support new solutions while navigating legacy systems have found that cloud computing offers some compelling options. Depending on your needs, cloud hosting can help you keep costs down by decreasing your IT spend while providing a more flexible, agile and scalable option.

Cloud services also help to share data securely across platforms and with all partners, contractors, and suppliers while complying with strict regulations. The right service can provide organizations with a detailed audit trail to support demonstrating compliance in minutes.

It’s also important to understand when data is at risk. With ever-more sophisticated hackers going after important data, cloud technology can increase visibility. Utilizing data cloud services provides an easy, flexible, and safe way to control, detect, and respond to threats – both insider and outsider.

Although cloud and data protection technologies cannot solve all of the manufacturer’s challenges, they can contribute to innovative solutions that deliver the right goods to the right place at the right time—as quickly, reliably, cost-effectively, and securely as possible.

How Thrive Can Help

At Thrive, we do the work so you can get back to business. Our data security, data protection, and disaster recovery services provide safe, secure, and flexible controls to protect your structured and unstructured data against insider and outsider threats. With Thrive, rest assured your data is secured wherever it resides and wherever it is shared – across networks, storage, endpoints, or in the cloud – across any operating environment.

Don’t let any disaster or data loss interrupt your business – talk to a Thrive expert today.

Private Equity: How Vigilance in Cybersecurity Can Unlock Greater Funding

While cybersecurity remains a serious consideration for hedge funds, family offices and other asset managers, cyber threats present a unique challenge to today’s private equity firms. As the risk of cyber attacks rises worldwide, the private equity firms that pay the closest attention to how seriously they take such risk stand to gain the most.

As for risk management in general, your potential investors are becoming more and more demanding. By taking a proactive approach to cybersecurity, you’ll ultimately strengthen your investors’ confidence and trust.

In addition to protecting your firm from increasing cyber threats, demonstrating robust cybersecurity can also provide a competitive advantage when attracting investors and help maximize the value of your firm’s portfolio.

Following is some practical advice on how effective cybersecurity can unlock greater funding potential for your firm.

Use a dual strategy when assessing your cybersecurity risk

In order to fully prepare for a mounting cyber threat environment, private equity firms need to employ a dual strategy approach to their cybersecurity measures. First, you need to protect your firm and your investors’ assets. Second, you need to carefully assess the cyber risk at your target portfolio companies.

Protecting your firm and your investors

CSO reported earlier this year that damages from cyber crime are estimated to hit $6 trillion annually by 2021. And according to the Institute of Risk Management, all types and sizes of organizations are vulnerable to cyber risks, not just high profile names that make daily news headlines.

Be especially aware that the threat level extends to your LPs as well. Gone are the days when your LPs only asked general questions about cyber risk. Now, not only do they know the right questions to ask, they also have a better understanding of the answers they’re looking for.

In fact, results from a 2017 Coller Capital survey of 110 private equity investors worldwide indicate that 55% of the LPs surveyed said they expect a serious cyber attack on their firm in the next five years.

There are three primary types of direct cybersecurity threats to private equity firms as stated in the Guide to Cyber Security (British Private Equity & Venture Capital Association):

  • Mergers and acquisitions – risk increases as soon as the idea of an M&A is discussed, even privately before any public announcement
  • Financial information – targets can be both individuals and businesses
  • Dilution of portfolio value – impairments due to an attack can be so bad that they call for an alternative or exit strategy

As you can see, the threats are very real and they’re not going away. Because threats are constantly evolving, you need to be properly prepared to challenge them on a regular basis. It’s also important to have an IT partner working with you who understands the changing landscape of what a threat vector is.

Here are some basic steps you can take to protect your firm and your investors:

  • First, determine how much cybersecurity really matters to your firm and how your investors are interpreting your level of concern.
  • Develop a framework for how you evaluate the basic risks to your business (e.g., strong vs. weak passwords, who has admin rights, etc.) based in part on proven best practices already being used in the industry.
  • Clearly identify where you have any existing cyber vulnerabilities (i.e., don’t assume anything; what you believe is secure in your firm—such as login procedures—may actually no longer be as secure as you thought).
  • Invest the time to educate and train all of your employees regularly about cyber threats and the importance of taking stringent proactive measures to protect your firm and your investors. Make your employees feel that they’re an integral part of the solution.
  • Implement a social media policy that governs what can and can’t be said in various forums. Even seemingly innocent comments can be used against you in both phishing and spear phishing attacks.
  • Conduct regular ongoing evaluations of your cybersecurity policies and hold tabletop exercises with employees to simulate potential threats and how to respond correctly.

Bottom line, you need to have the right cybersecurity team in place that constantly evolves, regularly monitors and guides your private equity firm through the ever-changing cyber threat landscape.

Protecting your portfolio company targets

Now that you’re more aware of how to protect your firm and your LPs from cyber threats, what about your portfolio company targets? You certainly don’t want to add a company to your portfolio only to find out several months later that it contains a cyber risk you weren’t aware of, with the end result being a diminished investment. Not only that, you can potentially suffer a loss of reputation as well as legal repercussions.

It’s actually smart to assume from the start that all companies are at risk of a cyber attack, regardless of the type of data they contain. Threats include anything from data theft and destruction to target fraud and everything in between.

According to the Guide to Cyber Security (British Private Equity & Venture Capital Association), there are three key types of information that are known to increase the likelihood of a company being the target of an attack:

  • Trade secrets – including intellectual property, business intelligence, and confidential communications
  • Consumer data – including financial information and any personally identifiable information, especially data connected to retail organizations
  • Government assets or critical national infrastructure – organizations involved in the government and defense sectors

What can you do to help mitigate risk when evaluating portfolio company targets for your private equity firm? Following are three basic recommendations:

  • Embed a deep level of cybersecurity into your M&A due diligence process to discover potential issues prior to deal closings.
  • Create visibility into the risks facing your portfolio so that you’re prepared to maximize your investment when it comes time to sell your stake.
  • Take a systematic look at the cyber risk involved in any potential investments just as you evaluate other key areas of a portfolio company target, such as sales, purchasing, management, and other concerns.

As you can see, it will take some hard work to properly protect your firm and become better aware of cyber threats in your portfolio companies. However, the payoffs from increased investor confidence, and thereby funding, will make all of the effort well worth it.

Need help with cybersecurity? Contact us to learn more about our full-service cybersecurity solutions.

Financial Services Part 3: 6 Steps to Avoid Cyber Security Risks

With the adoption of GDPR and the Canadian government providing regulatory support in combatting threats to personal data, organizations – both big and small – have a chance to create their cybersecurity plan to avoid cyber security risks.

What can companies do to recognize and combat cybercrime and improve their cyber-education? Here are some tips and best practices that will help you and your company recognize cybercrime and combat the threats.

  1. Keep your team educated on cyber-awareness

Education and cyber-awareness are the best defense against cyber security risks. Management and employees should be trained to understand IT governance issues and control solutions as well as recognize concerns, understand their relevance, and respond accordingly. Firms should also invest in cybersecurity education programs for employees to learn how to protect their computers and personal information and how to be aware of the many hacktivists and cyber-criminals that scour the Web in search of targets and vulnerabilities.

  2. Collect and analyze security logs for suspicious or abnormal activities

Your IT team should be actively conducting security investigations, regular audits, log reviews, and easy monitoring. Any seriously suspicious behavior or critical events must generate an alert that is collected and analyzed regularly.

  3. Keep systems and applications patched and up-to-date

Hackers, along with malicious programs or viruses, find vulnerabilities in software that they exploit to access your computer, smartphone or tablet. Installing updates fixes these vulnerabilities and helps keep you secure.

  4. Use strong passwords and keep privileged accounts protected

Reduce the cyber security risks posed by compromised privileged account credentials. Create an inventory of accounts, apply change management policies to passwords, and store passwords securely.

  5. Ensure strong encryption

Encryption keeps you safe. As the last and strongest line of defense in a multilayered data security strategy, encryption is used to safeguard customer data and help you maintain control over it. Encrypting your information makes it unreadable to unauthorized persons, even if they break through your firewalls, infiltrate your network, get physical access to your devices, or bypass the permissions on your local machine. Encryption transforms data so that only someone with the decryption key can access it.

  6. Third-Party Management

Financial institutions should work with vendors to find tools that fit their requirements without the need to hire more IT personnel. Advanced data protection solutions can help to reduce the strain placed on the IT team and the security operations center while keeping an organization’s sensitive information safely under lock and key.

We can help!

In the financial services industry, downtime can be detrimental to your reputation and business operations. Thrive’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, cybersecurity, compliance, security, and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Thrive experience today.

Click here to read Part 1 and Part 2 of our series: Financial Services: Maintain control of your data in the face of an attack

InfoHedge: The Revolutionary Investment Hosting Division for Thrive

With its state-of-the-art flagship cloud platform and solutions, InfoHedge is a premier Infrastructure-as-a-Service (“IaaS”) Managed Service Provider (“MSP”) to the financial services industry.

Financial Services – Part 2: Regulatory Compliance and Data Management

In part one of our Financial Services series, Maintain Control of your Data in the Face of an Attack, we discussed the different types of security threats you may face. In part two, we will review the regulatory changes the GDPR has created for financial services firms and how the Canadian Government has responded to growing cybersecurity concerns.

General Data Protection Regulation (GDPR)

On May 25th, 2018, the GDPR came into effect providing EU residents with more control over how their data is used and stored. This new regulation has set the stage for companies across the globe to review their own data protection regulations.

Is the GDPR relevant for non-EU Financial Services firms?

For the financial services industry, the GDPR is very relevant to the client base. Major banks and financial services providers deal with the EU for various purposes, such as facilitating foreign direct investment, managing local investors, and managing transactions between EU citizens/businesses and their counterparts. In each of these cases, the personal data of EU citizens is being collected and processed by a non-EU financial services provider.

Data Breach

From a GDPR perspective, personal data breaches must be notified to the relevant supervisory authority no later than 72 hours after the data controller becomes aware of the breach. The Regulation distinguishes between the services being offered by the organization, meaning that essential services such as financial service providers must report cybersecurity breaches to the relevant authority at a national level (Article 33).

GDPR also provides guidance on how to handle data breaches. For example, an infection by ransomware could lead to only a temporary loss of accessibility if the data can be restored from a backup. However, a network intrusion still occurred, and notification could be required if the incident is qualified as a confidentiality breach (i.e. personal data is accessed by the attacker) and this presents a risk to the rights and freedoms of individuals.

If you’re in the process of aligning your financial services firm with the GDPR, especially in terms of data collection, storage and management, contact us for support with GDPR compliance across your systems.

Canadian National Security Concern

Recently, BMO and CIBC-owned Simplii were both hit by a hacker who threatened to release 90,000 Canadians’ account information. Although the cause of the attack has not yet been released, it has raised several questions regarding server security and third-party contracts. If two of the largest banks in Canada were hit, how would small to midsized businesses stay attack-free?

For this reason, the Canadian Federal Government is rolling out a new cybersecurity strategy designed to better protect the country and its citizens from the growing threat of online attacks and crime. The plan, $500 million over five years, includes a range of initiatives aimed at the public as well as businesses.

“Small and medium-sized Canadian businesses are the backbone of our economy but are also the most vulnerable,” commented Byron Holland, president and CEO of the Canadian Internet Registration Authority. “Providing these businesses with cybersecurity strategies and resources is essential to holding back the tide of cyber threats.”

We can help!

In the financial services industry, downtime can be detrimental to your reputation and business operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, compliance, security, and archival requirements.

With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.

Sources include:

http://business.financialpost.com/news/fp-street/cibcs-simplii-says-fraudsters-may-have-accessed-data-of-40000-client
https://www.theglobeandmail.com/canada/video-ralph-goodale-outlines-goals-of-new-cybersecurity-strategy/
https://www.theglobeandmail.com/politics/article-federal-government-rolls-out-new-cybersecurity-strategy-to-protect/?cmpid=rss
https://betakit.com/canadian-government-releases-details-of-cybersecurity-strategy/