Within the private equity and hedge fund world, cybersecurity is a growing concern at both the portfolio and management levels. Given the incredible success of alternative investments, fund managers considering how to start a private equity firm or hedge fund often don’t give enough weight to building robust cybersecurity practices. Whether because it’s challenging to determine where to start or because cybersecurity isn’t a revenue-generating part of the business, the decision to neglect digital security is one many fund managers regret.
When looking strictly at private equity or hedge funds, the most common threat comes from phishing. This is because many of these alternative investment funds rely on third-party services to churn through and sort enormous amounts of data, which includes confidential information. While strong analytics can generate stronger returns, this reliance also creates a point of vulnerability.
More Vendors Means More Risk
Where the firm previously had a single point of entry, multiple vendors and service providers become independent points of a potential cyber breach. This risk can be exacerbated if downstream vendors work with other third-party groups in turn. Having more parties involved with sensitive information makes it easier for phishing or wire transfer fraud to take place.
The Smaller the Firm, the More Attractive the Target
Even small firms are not immune. In fact, many hackers specifically target small, one-man shops because the fund manager touches and moves so much money. While giant financial institutions have robust security procedures, small private equity and hedge fund managers likely do not have the infrastructure in place. This makes them exceptionally attractive targets for cyber-attackers. In fact, according to Ray Hillen, a cybersecurity specialist from RFA, wire transfer fraud is one of the most common threats that private equity firms have to deal with. As often as twice a quarter, phishing and wire transfer fraud can total anywhere from $250,000 to $6 million in each attempt.
In the case of withdrawing or moving money, many private equity firms still rely on email verification, which is incredibly vulnerable. Even when a mere four or five parties need to verify transactions, just a single compromised party can put a transaction at risk.
DDQ, The First Step Towards Better Cybersecurity
In the case of wire transfer fraud and phishing, it’s imperative that firms take a multi-layered preventative approach. It needs to involve user awareness, education, and an authentication process that’s phishing-resistant. The good news is that identifying where user knowledge and procedures need to be shored up can be simplified and standardized with a DDQ, or Due Diligence Questionnaire.
A DDQ provides a standard, reliable way to gauge your firm’s cybersecurity practices, procedures in the event of a data breach, and disaster recovery steps. Creating a DDQ doesn’t necessarily have to be done completely in-house either. Agio, a specialist in IT outsourcing for hedge funds and private equity firms, can help create and execute a DDQ. As a cybersecurity specialist within the financial services world, Agio can also help ensure that a firm meets and exceeds even the most stringent of regulatory requirements.