As the sophistication of cybercriminals continues to grow, so does the frequency of their attacks.
These attacks not only threaten the privacy of your clients and the integrity of your data, they can also have significant financial, brand, and regulatory impacts on your firm.
Research from Deloitte details the risks:
- The average cost to an organization for a single cyber incident now exceeds $1 million, including the financial impact from lost revenue, loss of intellectual property, fines, etc.
- Sixty-five percent of customers affected by a data breach lost trust in the offending organization. Moreover, 33 percent of people discontinued their relationship with the organization after a cyber breach.
- Enforcement actions by regulators are increasing, primarily related to the mismanagement of personal information. For example, fines can go as high as four percent of the annual revenue for non-compliance with the General Data Protection Regulation (GDPR).
This blog post provides insight into the role a technology partner can play in keeping your firm cyber-safe and details actions you can take today to understand the level of security your technology vendor provides – and if it is enough for your firm.
With Outsourced Investment Management Solutions on the Rise, Technology Vendors Play a Key Role in Mitigating Security Risk
Research by Aite-Novarica Group reports that many investment firms have migrated from proprietary to outsourced technical solutions seeking increased efficiencies and cost savings. With outsourcing on the rise, technology vendors are playing an increasing role in keeping your data and your business safe. It is critical that you work with a trusted partner, one with the experience and resources to keep your data, client information, and internal systems secure.
How to Assess the Security Capabilities of Your Investment Technology Vendor
1. Recognize the Importance of ISO Certification & Ensure Your Technology Vendors are Certified
In a time when data breaches and cybersecurity threats are on the rise, an ISO-certified technology partner is good to have. ISO certification, awarded against an international standard such as ISO 27001, demonstrates a company’s commitment to security and to mitigating the risk of cyber threats.
SS&C Eze is ISO 27001 certified, including the controls for ISO 27017, ISO 27018, and ISO 27701. ISO certification validates that our information security system infrastructure and operations have met the highest global standards for security.
2. Prepare for the Unexpected: Vet Vendor Crisis Preparedness
One of the central tenets of information security is availability – your systems’ ability to remain secure and functional regardless of the circumstances.
Disruptions can come in the form of cyberattacks. But natural disasters, like hurricanes, snowstorms, and extreme heat, can also leave you vulnerable to security threats. If your technology provider is not prepared for the unexpected, it can lead to downtime, data breaches, and potential losses.
To ensure your vendor is ready for worst-case scenarios, ask about their Business Continuity Plan (BCP) and crisis response plan. In addition to understanding their plan, it is essential to make sure it is updated and tested regularly. Part of this plan should also provide resources you can use if you are unable to reach the right team members in an emergency.
In addition, be aware of the systems and technology your vendor has in place to mitigate serious hardware issues. Redundancy, failover, firewalls, and proxy servers are important methods of ensuring system availability. Be sure your vendor has incorporated these and other safeguards into their operation.
Ultimately, your vendor’s BCP, as well as systems and processes, should provide assurance that the technology systems you rely on will remain available, performant, and secure under all circumstances. If your vendor can’t provide that guarantee, you should question their preparedness.
3. Make Data Confidentiality a Priority: Ensuring Adherence to Privacy Best Practices
To start your evaluation, look at how your technology vendor complies with privacy regulations, industry standards, and best practices.
At a base level, your technology partner should comply with mandated privacy requirements, such as the E.U.’s General Data Protection Regulation (GDPR) and any other privacy-specific regulations that are pertinent to your region.
Your client’s data is one of your most valuable assets. But it’s not always easy to know whether your technology vendor adheres to best practices that keep client data safe.
In addition to GDPR, learn what your vendor is doing to ensure the consistent, accurate, and trustworthy handling of client data throughout its lifecycle. Specific measures to maintain data integrity involve using strong access controls and permissions so data cannot be changed by unauthorized individuals. Your technology vendor should also have a robust program for continual employee training on the proper way to handle data.
Lastly, vendors should employ a strong practice of data encryption and be able to support additional security measures for certain highly sensitive documents.
Once again, internationally recognized certifications, such as ISO 27001 certification, can indicate that a vendor has been able to prove to independent standard-setting auditors that data privacy and security standards are upheld throughout the organization, from systems to operations practices.
Get Started Today: Choose a Partner You Can Trust
Cyber threats are a very real concern for investment managers doing business today. Taking a passive approach could lead to data and privacy breaches and system downtime that not only impact your operations but harm your firm’s reputation.
A better approach: start taking specific actions today that proactively combat these threats.
The first step toward safety and security is confirming your technology vendors are partners who will support you in your mission of cyber safety and security.
At SS&C Eze, security isn’t just something we talk about. It’s integrated into everything we do.
SS&C Eze attained ISO 27001 certification in 2017 and has successfully completed annual surveillance and recertification audits each year since.
SS&C Eze maintains a comprehensive and regularly tested BCP and complies with all mandated privacy requirements, such as the E.U.’s General Data Protection Regulation (GDPR) and other privacy-specific regulations. Employees are trained in security, and we closely follow recommended security practices, such as threat modeling and security gates during our development process.
Backed by one of the largest financial technology companies in the world, SS&C Eze has the resources and knowledge needed to help keep our customers successful. For over 25 years, Eze has been serving the investment community. We are experts in financial technology, and we have an in-depth understanding of our clients’ businesses – and how technology can improve their safety and their operations.
To learn more about how your firm can meet the challenges of today’s cyber threats, download our Cybersecurity Best Practices Whitepaper.