How a DDQ Can Help Alternative Investment Firms’ Cybersecurity

DATE: Oct, 10   COMMENTS: 0   AUTHOR: Allan Azarola

As technology and digital solutions become ever more sophisticated, cybersecurity requirements become more complex too. Traditional methods of securing and handling sensitive data fail to address new vulnerabilities or attack vectors that attackers may employ. In addition, an effective digital security approach needs to be both preventive and reactive. There may come an inevitable day when a firm experiences a data breach, which makes data containment procedures essential to minimize leakage. For alternative investment firms, the threat of a data breach is more than just lost data: it can mean legal investigations, loss of investor confidence, and monetary consequences.

Adopting a modern cybersecurity mindset can be a daunting task for both new and established alternative investment funds. This challenge is so pervasive within financial services that the SEC Office of Compliance Inspections and Examinations (OCIE) issued a formal Risk Alert warning the industry about its overall digital security deficiencies.

So how can an alternative investment firm take the first step towards digital safety? A due diligence questionnaire (DDQ) can help gauge the health of a firm’s cybersecurity solutions and procedures. However, it’s important to realize that a DDQ is not a one-size-fits-all solution.

An effective DDQ consists of customized questions that provide a detailed way to assess and monitor potential security gaps, lax procedures, or lack of training across all parts of your organization. The DDQ should also assess the risks and vulnerabilities of your vendors, which is especially important since vendor vulnerabilities are the second most common cause of a security breach.

If the process of creating a DDQ from scratch sounds complicated, don’t worry. Modern problems now have modern solutions. You can rely on a managed IT and cybersecurity expert, such as Agio, to help you create and vet your DDQ. Agio is uniquely positioned to address the specific requirements of alternative investment firms due to its expertise in the space. In fact, Agio offers a comprehensive SEC cybersecurity mock audit service to assess the controls and processes that come under scrutiny during a real examination.

To help your DDQ creation process, here are some common categories and questions that Agio assesses:

Vendors

  • What sensitive data does the vendor receive today?
  • When did the firm last perform due diligence on its current IT vendors?

Policies and Procedures

  • Are there any information security functions outsourced?
  • What procedures are in place to secure data in the event of a breach?

Physical Security

  • What verification and/or identification is needed to physically access your data centers?
  • How is access to the data center monitored and logged?
  • Are visitors escorted through areas that handle sensitive data?
  • Do you keep visitor logs for longer than 30 days?

Disaster Recovery

  • Do you have a business continuity plan?
  • What is your disaster recovery plan, and when did you last test it?