Cybersecurity is everywhere. Hardly a day goes by without another security breach being reported. Large retailers, small municipal governments and even individual private citizens are all equally targeted by computer hackers. It has become so common that the smaller breaches are often relegated to the back pages of the news. Many serious breaches get no coverage by the mainstream media at all, and are left for the bloggers and the tech news sites to cover. It seems that only the largest scale cybersecurity breaches and leaks make it to the front page.
The increasing number and frequency of these events have changed the way we conduct our daily lives. We think about credit card security differently when we shop at major retailers, we create more complex passwords when we logon to banking websites and we are automatically suspicious of emails that claim to come from financial institutions.
Consumers are not the only ones taking notice of the increased number of threats. Government and regulatory agencies such as the US Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA) have released several alert bulletins and sets of guidelines, indicating their heightened awareness and interest in the threats. These latest alerts are in addition to existing directives such as Reg S-ID that provides directives on preventing identity theft and Reg S-P that addresses the need for written policies and procedures. The message is clear – Investment Managers must take a serious look at their business practices and take significant steps to protect client data.
At Clarity Capital, our focus is our clients. They are the key to our success and our clients’ trust is the basis of our relationship. We work hard to earn and keep that trust and our resulting commitment to our clients goes beyond the investment side. We closely monitor the cyber threat landscape and its relevance to our organization. In response, we have adopted a standard program that incorporates people, process and technology to create a holistic solution.
Beginning with technology, we have invested in systems and technology that enhance our internal and external safeguards, beyond what the regulators require. These technologies help mitigate the threat of our systems being breached and stop threats from the inside leaking out.
However, technology solutions cannot fully defend us from the risk so we have a parallel focus on internal processes to ensure the proper handling of sensitive data and prevent data leakage or breach. We have implemented clearly defined workflows that control how data is handled, who has access to what data, and when they have access to data. We review these processes regularly and make adjustments according to the business's needs.
Finally, we recognize that the people in an organization are generally considered the weakest link in the cybersecurity chain. Having a robust, secure perimeter and locked down infrastructure is important, but if one user unknowingly clicks on a bad link in an email or opens a malicious attachment that downloads a harmful payload, it can have a quick and damaging effect on any organization. We work hard to raise awareness amongst our people of the real threats they are exposed to every day. As CTO, I often receive forwarded emails from employees, asking if the email or embedded link is authentic or not. That type of vigilance goes a long way to maintaining a secure working environment.
In short, the problem of cyber security is not going away, it is just getting worse. In 2014, FBI Director
James Comey stated on the program “60 Minutes” that “there are two kinds of big companies in the United States. There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.” Clearly, the risks are real and firms of any size must take serious steps to acknowledge the threat and take action to mitigate the risk. At Clarity Capital, we continue to take enhance our efforts to enhance our security and our vigilance.
Our Clients deserve no less.