One of the biggest myths that I hear from our customers is that small businesses aren’t as susceptible to security breaches as large enterprises. The truth is, just because you’re small doesn’t mean you aren’t vulnerable. In fact, by 2019, the cost of cybercrime is expected to soar to $2 trillion.

Small businesses haven’t historically been the target of cybercrime, but that is changing: In the U.K. alone, nearly 75 percent of small businesses reported a security breach in 2015, an increase over the preceding two years. Why the change? Hackers prey on small businesses as opposed to larger ones because small businesses tend to have weaker security defenses, which include running outdated software, often due to a lack of financial and human resources.

This shift underscores how critical security is to businesses today. However, the idea that small businesses aren’t at risk for security breaches is only one of the misconceptions I hear from our customers today.

Myth: The cloud isn’t secure

Chances are, if you’re a small business, you don’t have an in-house IT department. You might work with an external consultant, or you might just be doing it all yourself as many small business owners do. For this reason, many small businesses are moving their physical technology infrastructure to the cloud because of the many security benefits it provides. Cloud solutions give businesses peace of mind that their data is secure by providing automatic updates to ensure they are always benefiting from the latest security advances. And because business owners can rest easy knowing that they are always on the latest technology, they can spend their time doing what really matters – growing their business, acquiring new customers, etc.

This kind of always-on security is what drew Romax, one of the U.K.’s leading marketing communications businesses, to the cloud. The company moved to a combination of Microsoft Azure, Office 365 and on-premises solutions (a hybrid model) for enhanced security because it needed to be in compliance with tight information security policies regarding retaining client data. The company’s move to the cloud provided Romax owner Wesley Dowding with peace of mind knowing he could focus on his business. “I can go to sleep at night knowing that if the place went down, we’d still be able to serve our clients and our data is secured,” he said.

Myth: I’m not big enough to be susceptible to security risks

At Microsoft, our customers’ security is always top of mind. That’s why we invest more than a billion dollars per year in security-related research and development and build best-in-class security features into all of our cloud solutions that protect against security risks that small businesses may not realize they are susceptible to, such as:

  • Lost and/or stolen devices: With employees working across multiple devices from multiple locations, it’s not uncommon for devices to get lost or even stolen. Microsoft BitLocker, included in Windows 10, encrypts all data stored on the Windows operating system, ensuring that even if an employee leaves his mobile phone on the bus or has her laptop stolen from her car, the data stored on it remains secure.
  • Employee error: It takes something as simple as an employee opening the wrong mail or clicking on the wrong link to compromise your systems and data. To help thwart the risk of this kind of employee error, Microsoft Outlook comes with built-in anti-phishing detection to help prevent fraudulent email messages from even reaching your employees in the first place.
  • Outdated technology: Running outdated solutions has a significant impact on small businesses – data shows that small businesses that are running the latest technologies can increase their annual revenues 15 percentage points faster and create jobs twice as fast as businesses using outdated solutions. On top of that, a different study revealed that 91 percent of consumers said they would stop doing business with a company because of its outdated technology. With Office 365 and Windows 10, security updates happen automatically so you never have to worry about whether or not you are protected against the latest threats.
  • Weak passwords: Hackers are becoming more and more sophisticated, and if your passwords (and your employees’ passwords) aren’t becoming more sophisticated at the same time, you could be at risk for a breach. Fortunately, Windows 10 users benefit from the Windows Hello & Microsoft Passport features that enable them to replace passwords with biometric authentication such as face, iris or fingerprint identification for greater security.
  • Data backup: Backing up your files can help reduce losses in the event of a physical security breach – like a break-in at your office or stolen devices – and get you back up and running quickly. Microsoft OneDrive for Business – included in all Office 365 commercial plans – provides a secure place to store documents in the cloud so you can always access them from anywhere or any device – even when you’re offline.

Myth: If I haven’t been compromised yet, what I’m doing is probably enough

Security experts like to say that there are two kinds of businesses in the world today: Those that have been hacked and those that don’t know they have been hacked yet. Data from a recent cybercrime study proved this to be true: according to the Ponemon Institute, it takes – on average – 170 days to detect a malicious attack.

It was just such a situation that Chelgrave Contracting, an Australian maintenance and labor hire company, found itself facing. The company’s General Manager, Greg Scott, discovered the company’s antivirus software had expired six weeks before without triggering an alert. The lapse prompted a minor virus attack, with only luck preventing the company’s PCs from developing a major virus outbreak, Scott says.

Chelgrave turned to Microsoft Intune, which includes endpoint protection built on Microsoft’s powerful Malware Protection Engine, enabling Scott to provide all Chelgrave PCs with real-time security updates. Remote and mobile employees now receive these updates simply by connecting to the Internet, ensuring their laptops retain the highest levels of protection.

This example underscores the importance of not letting your security lapse – after all, security breaches can be devastating to small businesses – and making sure you are using the right technology, like Windows 10, Intune and Office 365, that protects you 24/7.

Truth: Security is vital to small business success

Security will continue to play an increasingly vital role in the success of SMBs, which are targeted by hackers now more than ever before. Taking basic steps will make your business safer, but using Microsoft technology allows a business and its employees the peace of mind that their data — their own and clients’ — is secured.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business, talk to GCInfotech about a free technology assessment.

Published with consideration from Microsoft.

The financial services industry has long been a sector heavily targeted by cyber criminals. The number of attacks that involved extortion, social-engineering and credential-stealing malware surged in 2015. This means that these institutions should strive to familiarize themselves with the threats and the agents behind them. Here are 7 new threats and tactics, techniques and procedures (TTPs) that security professionals should know about.

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim’s network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know, asking for credit card or bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEOs’) to dupe finance departments into transferring large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. It is a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data, which is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATMs and allows criminals to extract large sums of money while avoiding detection. Recently, reverse ATM attacks have also emerged; these use compromised POS terminals and money mules to reverse transactions after money has been withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTPs can be combined to extract data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATMs of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats, and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTPs and other weapons in the hacker’s toolbox.

Published with consideration from TechAdvisory.

Employees are on the front lines of information security. Regularly educating yourself about the small things you can do goes a long way towards protecting your organization.

Since it is the beginning of the year, many people are returning to work and trying to get out of “vacation mode.” (Us too!) We’ve decided to outline some tips to help you throughout the year to stay safe online while protecting your company in the process.

General Best Practices

  • Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
  • Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
  • Keep security software and all other software programs updated.

Cyber Security Best Practices

  • Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
  • Don’t leak intellectual property, even accidentally. Sharing a picture online with a whiteboard or computer screen in the background could reveal more than someone outside of your company should see.
  • Report security warnings from your Internet security software to IT immediately; chances are, they aren’t aware of all threats that occur.
  • If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. If offered, make sure you know how to connect to the company’s Virtual Private Network (VPN).
  • Be cautious of links and attachments in emails from senders you don’t recognize. Phishers prey on employees who open these without checking them out, opening the door to malware.
  • If you’re unsure about an email’s legitimacy, contact your IT department or submit the email to Symantec Security Response through this portal.

Online Behavior

  • Don’t steal. Taking intellectual property and releasing professional secrets are likely against corporate policies. Your company may track sensitive documents and you could get into hot water.
  • Read your company’s Acceptable Electronic Use (AEU) policy, and follow the policies for safe use of your devices.
  • When backing up to cloud services, be sure to talk to your IT department first, for a list of acceptable cloud solutions. Organizations can make this part of their AEU policy and make it a fire-able offense.

Best Practices for When to Contact Support

  • Call IT before you get in over your head. Often what starts as a simple update can be made more complex by attempting to “fix” the problem.
  • When you Bring Your Own Device (BYOD), ask your IT department if your device is allowed to access corporate data before you upload anything to it. Use authorized applications to access sensitive documents.
  • Learn the process for allowing IT to connect to your system. This can save time when you contact support and they need access to resolve an issue.
  • Learn basic computer hardware terms. This can save valuable time when you contact support and don’t have to describe the “mouse connector-thingy.”

Used with permission from Norton by Symantec by Nadia Kovacs

    Every time a stolen laptop leads to a data breach, you wonder why the business involved hadn’t set up any safeguards. Take the unencrypted laptop stolen from a former physician at the University of Oklahoma, for instance, or the laptop stolen from insurance provider Oregon Health Co-op containing data on 15,000 members.

    You’d think money would motivate them, if nothing else. In November, EMC and Hartford Hospital were ordered to pay US$90,000 to the state of Connecticut over the theft of an unencrypted laptop in 2012 containing data on nearly 9,000 people. The laptop was stolen from an EMC employee’s home.

    The problem extends far beyond the healthcare industry, too—such as the laptop stolen from SterlingBackCheck, a New York-based background screening service. The laptop contained data on 100,000 people.

    These types of breaches don’t quite grab the same headlines as major cybercrimes and hacking incidents, if only because a thousand employees affected by a laptop theft is less dramatic than 40 million customers at Target. But it’s a lot easier to steal a laptop than it is to hack into a corporate database, so the theft and loss of laptops, as well as desktops and flash drives, highlight the need for enhanced physical security and employee training.

    It’s easier to steal a laptop than to hack a database

    The organizations mentioned here have wised up. A spokesperson for the University of Oklahoma said it has launched an encryption program and new training for employees when it comes to handling sensitive data.

    SterlingBackCheck said it has updated its encryption and audit procedures, revised its equipment custody protocols, retrained employees on privacy and data security, and installed remote-wipe software on portable devices.

    Another threat to your data is the proliferation of Bring Your Own Device (BYOD) policies and mobile workers. Gartner anticipates that half of all companies will have some need for a BYOD policy by 2017. Workers will be using their own devices as well as company-issued ones in the office or on the go. This opens up a new risk if devices are lost or stolen.

    Security firms like Sophos urge companies to put a robust policy in place for the handling of professional devices, including full disk encryption as well as encrypted cloud and removable media. A strong password is highly recommended too, but it’s not enough on its own.

    A greater sense of urgency wouldn’t hurt, either. In Oklahoma, the physician had actually left his position at the university before his personal laptop went missing. He couldn’t say for sure whether it contained sensitive data, but by the time that possibility arose, it was too late.

    In another incident, at manufacturer Tremco, an employee lost a company-issued laptop on a plane. It was several weeks before the employee realized that it contained spreadsheets of personal employee data.

    Encryption, remote wiping, better data tracking

    Companies need to know where their data is at all times—not just what device it is on, but where that device is located physically.

    This highlights the need for remote wiping tools, which SterlingBackCheck has put in place. If a laptop is lost or stolen, the company should have an easy way to remotely wipe the sensitive data to ensure it never leaks.

    Much like large-scale hacking attacks, it’s the consumer or the patient that really suffers when a data breach occurs. The onus lies with the company to handle this data responsibly, whether it’s in the cloud or on a laptop on the bus.

    Published with consideration from PCWorld.

    Most business owners have an employee handbook. But when it comes to the online security of their business, often times this portion is either not adequately addressed, or not addressed at all. However, with cyber crimes an ever increasing threat, and the fact that employee error is one of the most common causes of a security breach, it is incredibly vital that your staff is informed of your policies. Here are four policies that every business owner should share with their employees.

    Internet

    In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

    1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
    2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
    3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

    These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

    Email

    Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevent spear phishing.

    Passwords

    We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

    Data

    Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

    We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

    Published with consideration from TechAdvisory.

    Potential IT security issues in 2016

    As a small or medium-sized business owner or manager, it’s only to be expected that you want to keep your company safe from cyber attacks and hacking attempts. But how much do you really know about online safety? With massive corporations such as Sony falling victim to attack, cyber security has never been more in the public eye. And that makes it the ideal time to learn just what it is you need to be doing to keep your business secure in 2016.

    If you think that only big corporations and prominent organizations are targeted by cyber criminals, you are making a deadly mistake. It might be tempting to sweep cyber crime under the carpet and assume that you are flying below the average hacker’s radar, but that simply isn’t true. In fact, it’s the polar opposite, since smaller enterprises are actually far more likely to be at risk than larger ones, owing to their typically less sturdy security postures.

    So where does that leave you as a small or medium-sized business owner or manager? Does it mean you need to be taking your cyber security even more seriously? You can bet your bottom dollar it does, as industry experts predict that 2016 is only going to become more of a minefield when it comes to online crime.

    The headline trend that IT security professionals pinpointed this year was that criminals were no longer hacking into websites purely to bolster their bank accounts. 2015 has seen the emergence of another strain of hackers, launching cyber attacks as part of a moral crusade. These people are not purely after money, although in some cases this may also be a contributing factor; instead, their claimed motivation is revenge, or righting what they perceive as wrong. It is this diversification in the hacking community that has led security watchers to predict that, as we enter 2016, we are likely to see some different behavior from hackers.

    Among the unpleasant predictions being made, a number of experts agree that hacks of a destructive nature will be on the rise. The fact that hackers are using attacks for retribution rather than simple monetary gain means that a wider cross-section of organizations may well find themselves being preyed upon, all the way from government agencies – traditionally ignored by hackers – to online retailers and other commercial websites.

    Remember when Snapchat got hacked back in October 2014, and the hackers threatened to make public as many as 200,000 photos? Well, the bad news is that apps are going to continue to be targeted. In particular, those mobile apps that request access to your list of contacts, emails and messages can, in the wrong hands, be used to create the kind of portal that enables a cyber criminal to steal data or gain access to a company’s entire network. All this means that in 2016, hackers could be taking advantage of apps to do more than just steal your social media photos – they might have in mind the takedown of your entire company.

    As a local business owner, social engineering – a means of tricking an individual into disclosing revealing or personal information about themselves or their company – is something you definitely need to be concerned about. You might pride yourself on being too savvy to fall for a cyber criminal’s tricks, but what about your employees? Can you be sure that each and every one of them exhibits the same amount of self control, cynicism, and wariness that you do? Not only that but, as we enter a new era of online threats, the criminals that use social engineering are growing in confidence and creativity. Dodgy emails from a bizarrely named sender containing a link to an unheard-of website are yesterday’s news. Modern social engineering is highly evolved and extremely cunning, and has the potential to convince even the most streetwise internet user.

    How confident are you that your entire team of employees would be completely infallible in the face of a stealth attack from a seemingly innocent source? Could you trust them to refrain from divulging not only their personal details but also information pertaining to your company? Multiply the number of employees in your company by the number of phone apps they potentially use, and add to that the fact that any one of them could at any time be targeted by a social engineering scam, and the end result is a less-than-perfect security posture.

    The sad fact is that there are people who want to do you harm – regardless of whether you hold confidential information about celebrity salaries, or are privy to a database full of cheating spouses. People, no matter how well meaning or vigilant, are the weakest link in any security chain, which means that ensuring your business’s safety necessitates educating your staff and ensuring that your network is impenetrable.

    Professional training and a vulnerability assessment are two great places to start, so why not get in touch with us? We’ll make sure your business is as hack-proof as it can be.

    Cloud computing is here to stay, and the buzz throughout industry and government is that hybrid clouds will become the new norm going forward. Hybrid clouds, according to industry experts, can offer the security of on premise, private clouds and the flexibility and agility of commercial public clouds. The Gartner research firm predicts almost half of all large, global enterprises will have deployed hybrid clouds by the end of 2017, with 2016 being a defining year where they will start to move away from private into hybrids.

    As inevitable as the cloud is to most organisations, this migration could challenge the management of identity and access privileges of users on your networks and IT systems. There are a few things to keep in mind as your company decides to push forward into a hybrid cloud and the necessary unified management framework that doing so will require.

    The virtues of virtual private networks

    Virtualization is a means of positioning computing resources (e.g. servers, operating systems, storage, networks) so they may maximise the use of physical computing resources across multiple users. It’s a huge step in the journey toward the hybrid cloud. Thankfully, over the past few years, virtualization technology has expanded from simply running virtual machines on supercomputers to offering all levels and types of virtualized services and networks.

    Moreover, virtualization allows a single physical server to run multiple guest operating systems as a way of making more efficient use of the hardware. The technology allows organisations to free up data center space and achieve greater IT operational and energy efficiencies.

    In fact, many organisations have been engaged in server virtualization projects for a number of years and are moving on to client, desktop and storage virtualization projects. Part of the formula for success is evaluating capacity planning and other infrastructure assessment tools that can give IT managers a sense of their resource utilisation and help them decide which applications to virtualize.

    But like most powerful tools, this is a double-edged sword. Remote access to online resources can effectively negate perimeter defenses and extend the domain of the insider threat worldwide.

    Systems need to be able to authenticate the identity of users, and in some cases also the devices being used for access together with the location and type of networks or resources being used. Only then can access privileges be securely granted, based not only on identity, but also the user’s role in the organisation and the circumstances of the connection. An employee connecting to a system during business hours over a secure network might be given wider privileges than when connecting from the other side of the world in the middle of the night, for instance. Hypersocket Software is introducing a suite of access management tools that provide a common user experience and enable organisations to enforce least privilege policies for remote users.
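The kind of context-dependent decision described above, as an added example (not Hypersocket's code and not part of the original article): a fail-closed access check that starts from the privileges of the user's role and narrows them by network, device and time of day. The role names, privilege names, network labels, business hours and sample requests are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed role-to-privilege map; every name here is hypothetical.
ROLE_PRIVILEGES = {
    "finance": frozenset({"read_ledger", "post_payment", "export_reports"}),
    "support": frozenset({"read_tickets", "update_tickets"}),
}
# Privileges that are only granted when the connection context is fully trusted.
SENSITIVE = frozenset({"post_payment", "export_reports"})
TRUSTED_NETWORKS = frozenset({"corporate_lan", "company_vpn"})
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    authenticated: bool     # identity verified by the login flow
    device_managed: bool    # device is enrolled and managed by IT
    network: str            # label of the network the session arrives from
    office_time: datetime   # current time at the user's home office


def in_business_hours(ts: datetime) -> bool:
    """Monday to Friday, between BUSINESS_START and BUSINESS_END."""
    return ts.weekday() < 5 and BUSINESS_START <= ts.time() < BUSINESS_END


def decide(req: AccessRequest):
    """Return (granted privileges, reasons the grant was narrowed or denied)."""
    # Fail closed: no verified identity or no known role means no access.
    if not req.authenticated:
        return frozenset(), ["identity not authenticated"]
    base = ROLE_PRIVILEGES.get(req.role)
    if base is None:
        return frozenset(), ["role has no defined privileges"]

    # Collect the circumstances of the connection that reduce trust.
    risks = []
    if req.network not in TRUSTED_NETWORKS:
        risks.append("untrusted network")
    if not req.device_managed:
        risks.append("unmanaged device")
    if not in_business_hours(req.office_time):
        risks.append("outside business hours")

    granted = set(base)
    if risks:
        # Any risk signal removes the sensitive privileges of the role.
        granted -= SENSITIVE
    if "untrusted network" in risks and "unmanaged device" in risks:
        # Unmanaged device on an untrusted network: read-only access.
        granted = {p for p in granted if p.startswith("read_")}
    return frozenset(granted), risks


# Constructed sample requests (12 January 2016 is a Tuesday, 16 January a Saturday).
SAMPLE_REQUESTS = {
    "office": AccessRequest("alice", "finance", True, True,
                            "corporate_lan", datetime(2016, 1, 12, 10, 0)),
    "night_abroad": AccessRequest("alice", "finance", True, True,
                                  "hotel_wifi", datetime(2016, 1, 12, 3, 0)),
    "byod_wifi": AccessRequest("bob", "support", True, False,
                               "hotel_wifi", datetime(2016, 1, 12, 11, 0)),
    "vpn_weekend": AccessRequest("bob", "support", True, True,
                                 "company_vpn", datetime(2016, 1, 16, 11, 0)),
    "no_login": AccessRequest("mallory", "finance", False, True,
                              "corporate_lan", datetime(2016, 1, 12, 10, 0)),
    "unknown_role": AccessRequest("carol", "contractor", True, True,
                                  "corporate_lan", datetime(2016, 1, 12, 10, 0)),
}

if __name__ == "__main__":
    for name, request in SAMPLE_REQUESTS.items():
        privileges, reasons = decide(request)
        print(f"{name:13} -> {sorted(privileges)} {reasons}")
```

The same finance user keeps all three privileges from the office but only `read_ledger` from hotel Wi-Fi at 03:00, which is the difference in treatment the paragraph describes.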

    The Hypersocket VPN provides a cost effective alternative to IPsec or Point-to-Point Tunneling Protocol for secure browser-based remote access with the ease of use of SSL. It lends itself well to Bring Your Own Device scenarios, because the client has no direct access to the network. The ability to have connections to multiple sites at the same time enables secure access to a corporate LAN and other resources such as a private cloud without the need for a permanent bridge between them.

    The VPN comes in two editions, a free Open Source version that provides basic connectivity under the GNU General Public License v3 and an Enterprise Edition that provides the additional features required by security-conscious organisations. The server can be installed on any operating system supporting Java and client support currently is available for Windows and Apple OS X.

    To enable access, the administrator defines one or more Network Resources using the HSF resource architecture, which identifies individual TCP/IP services that can be assigned to users through their roles.

    The Enterprise Edition adds further support, including support for users logging in from Active Directory, branding, auditing, accessing file systems over WebDAV and extended file system support such as Amazon S3 and SFTP. It allows for configurable authentication flows and new authentication mechanisms. An Audit Log records all events, which are searchable by event type, session or user. Reports can be exported as CSV, XML or PDF, and administrators have full control over how long the server keeps the data before it is archived.

    Published with consideration from ITProPortal.

    In the current world, business continuity planning (BCP) is imperative to the sustainability of your business. Without a well-thought-out plan in place, it is highly unlikely that your company will be able to survive and recover from disasters. However, there are several major roadblocks to the successful implementation of a business continuity plan. If you’re struggling with BCP, check out our list of some common challenges organizations face, and learn how to address them properly.

    Challenge #1: Prohibitive costs

    Business continuity planning has become exponentially more expensive as availability requirements increase. Many solutions require substantial investments in the installation and maintenance of additional hardware, software, and data center infrastructure. These requirements drive up the cost of business continuity, and many company owners are reluctant to invest in protective measures.

    The solution

    Instead of relying on costly physical servers to accommodate your backups, consider using efficient and affordable cloud computing solutions. You can transfer your important business files to the cloud and eliminate the expense of having to install and manage hardware infrastructure and software licenses.

    Challenge #2: High complexity

    Traditional business continuity planning is complex to implement, manage and execute. From managing the recovery infrastructure to updating disaster recovery documentation and testing the BCP to find and close potential loopholes, the prospect of embarking on a BCP project can be daunting, and the whole experience can prove time-consuming. Combined with the pressure of your ordinary day-to-day duties, it can seem almost impossible to focus your attention on initiating a BCP.

    The solution

    With all this in mind, it makes more sense to engage with a company like GCInfotech (a professional IT service provider) to plan, implement, and execute your business continuity plan. This way you can leverage our experience and expertise to ensure that, in the event of a disaster, your company will be able to get back on its feet and resume business operations as quickly as possible.

    Challenge #3: Lack of staff involvement

    There are so many requirements to be considered in a business continuity plan. And the more employees your organization has, the more difficult it is to relay the essence of the plan for everyone to understand. Staff involvement isn’t an option – it’s an absolute necessity if you wish for a successful BCP implementation!

    The solution

    Depending on the size of your organization, you can either hold a company meeting to announce the essentials of your BCP, or schedule a meeting with key staff members who take an active role in the planning process. To create a long-lasting BCP program, you need to get everyone on the same page by emphasizing the importance of the plan in an easy-to-understand way.

    Business continuity planning is one of the most important things you need to have in place. You never know when, or in what form, a disaster will strike – all the more reason to take a preventative approach to securing your company and all you’ve worked for.

    Need a reliable partner to take care of all your business continuity planning needs? Get in touch with us today – we have exactly what you need to prepare and protect your company.

    Now more than ever, selecting the right technology is critical to the successful operations of any organization. Given the advances in the financial services industry, this is particularly true in the Investment Management and Hedge Fund industry. The fervent controversy surrounding Michael Lewis’ new book ‘Flash Boys’ illustrates how technology has become the most important competitive differentiator for hedge fund managers. Selecting the right IT services for hedge funds is critical to addressing investors’ growing desire for secure, robust and reliable infrastructure.

    Below are six considerations for hedge funds evaluating outsourced IT providers:

    1. Quality of IT Consultants

    In today’s environment, your IT provider will be the most important service relationship you will have.  When selecting an outsourced IT provider, it is important to know whom you will potentially be working with. What is the quality of the management team?  Are they seasoned and reputable? What about their support staff?  Are they a skilled technical staff of engineers who can help in all stages of the infrastructure build-out and maintenance?

    2. Breadth of IT Solutions

    A key criterion that any Hedge Fund CTO must consider is the scope of the firm’s service offering and capabilities. Does the IT provider in question offer all of the solutions and services necessary to address the technical requirements needed for your firm to operate effectively, consistently and efficiently? Remember, these needs will vary based on your firm’s specific business requirements.  They can range from private cloud services, backup & recovery services, security, application hosting, business continuity planning, disaster recovery, data storage and mining, telecom services, IT consulting, electronic communications systems and software development.

    3. Industry-Specific Deployment Expertise

    Specialization is critical. Make sure you find out if the service provider possesses deep experience in deploying enterprise solutions and services in an investment management environment. What is the scope of this experience? Do they have a wide range of experience, having worked with small start-ups as well as larger, well-established firms? IT firms are a commodity, so be sure to select one that is experienced in deploying systems that are specific to your industry, with a track record to prove it. Check references of past clients and ask for examples of clients whose technical needs and scope are a match to your firm’s.

    4. Disaster Recovery approach

    Things happen. Hurricanes, blackouts, floods and other disasters are all too common. So it’s important to know the IT firm’s disaster recovery process and procedures. Do they employ proper risk controls designed to allow continued performance and availability? What are their data security and retrieval protocols? Will the provider ensure that your data is secure, protected, and accessible even in the face of disaster?

    5. Cloud Infrastructure

    Cloud computing has become the de facto infrastructure option for investment firms. While Cloud services have been in the market for a number of years, it’s still a very specialized and nuanced aspect of the IT service industry. Be sure to look for a provider that has a robust, scalable and secure cloud infrastructure protocol. As mentioned earlier, Cloud computing for the financial services sector is a specialized skill, so make sure that the firm employs highly trained and certified professionals with experience in financial services operations. As a standard, Tier II or III data centers that are SAS 70 or SSAE-16 certified are a good bet for critical data hosting.

    6. Vendor Partners and Network

    No IT firm does it all.  Any good IT firm maintains key relationships with partner vendors who fill critical service gaps.  This is a simple reality and the quality of these partners – and their relationship with them – is of high importance. Does the firm have strong vendor relationships? Are they the right mix of best-in-class providers for your unique needs? Strategic partnerships with top-tier technology companies are crucial to maintaining a world-class IT environment for your firm.

    ***

    GCInfotech offers IT Services for Hedge Funds and Financial Companies in the CT, NY and NYC area. Call us at 203 327 5700 to discuss your technology needs.