For asset managers, the past 18 months have been a rollercoaster ride as the pandemic has forced them to embrace new ways of working.
The implications have been profound as it has become more critical than ever for management firms to offer staff – everyone from portfolio managers to back office teams – the ability to access essential systems remotely. Many firms which were unable to do this initially have found themselves scrambling to update their technology. But the surge in home working has also fuelled mounting fears over cybersecurity.
How can asset managers ensure their systems are as safe as they can be from the prying eyes of unwanted guests or from hackers seeking to disrupt or inject ransomware?
“Businesses have increased the number of opportunities for cyber attacks massively, because every single device being used outside of traditional office network is of course an opportunity for cyber breach in essence we have decentralised cyber security,” says George Ralph (pictured), global managing director of RFA, an IT consultancy, which specialises in the alternative investment sector.
Without the protection offered by a corporate firewall in an office where data is held on physical servers, the “attack surface” for individual firms has increased dramatically. Hackers can now penetrate a corporate network by targeting an individual smartphone or laptop being used by an employee at home, with potentially devastating results.
Ralph says: “Most people are aware of that now because we’ve been in this situation for about 18 months. What is apparent is that the level of cyber attacks and breaches has increased significantly, so firms must review their original remote working solutions to ensure their cybersecurity strategy is robust for the long term hybrid working environment.”
During the second quarter of 2020, IT security firm McAfee recorded a 605pc increase in cyber attacks. The attacks increased again by 240pc in the third quarter and by 114pc in the fourth quarter of the year as hackers launched an unprecedented onslaught against more vulnerable organisations.
Long-term thinking needed
Ralph says that asset managers need to be thinking about how to prepare for the future as this new world of hybrid work is clearly here to stay. That means firms need to consider whether they have the right technology stack and security measures in place to support their activity for the long-term.
“It will be interesting to see how the hybrid working model plays out. At the moment, it doesn’t really look like many people are going to go back to the office five days a week,” says Ralph. “So how do we secure these distributed networks? We have to decentralise our cyber security so that it works across every single endpoint, because we have moved away from that office-based firewall approach.”
Part of the solution, of course, lies in educating employees to take extra precautions when handling sensitive data – for example by not using certain applications which may pose an extra threat when used on a home wifi network.
Collaboration tools like Teams or Sharepoint are likely to be more secure than sharing big files via email or applications like DropBox. But asset managers also need to ensure they have the right software, cloud provider and data management strategy in place to support their business – and they need to think about forging a new BCP plan in the event of a cyber breach. That creates new challenges communicating with the workforce in the event that their systems are compromised or infected with malware.
Founded in 1989 RFA, which has over 800 clients globally split fairly evenly between hedge funds and private equity, is an expert in this field. The firm has its own dedicated Security Operations Centre (SOC) designed to monitor suspicious activity on all of its clients’ networks 24 hours a day, 365 days per year.
Typically, this kind of service is provided by an outsourced third party provider but RFA offers its own in-house managed detection and response service for clients.
Ralph says: “The Security Operation Centre monitors our client’s networks and looks for any anomalies. It will raise an alert to RFA and the clients saying: ‘Look, something is happening on this network that doesn’t normally happen’. That is a preventative measure to try and reduce the risk of cyber attack by blocking the potential breach before it gets as far as your network.”
Data management is key
For asset managers, there are few technological priorities that are more important than having the right data management strategy in place, he says.
“Once you’ve got your data, we can help you store it, we can help you keep it safe. That’s where cybersecurity comes into it because all of this data is extremely valuable, whether it’s reporting data or client data. Do you understand where your data is, how it is being accessed and what cybersecurity measures you have in place?”
The new world of hybrid work poses other, more complex challenges which technology can help solve. Remote working has allowed businesses to continue operating through the pandemic and offered great flexibility to workers and their employers. But it also poses significant new challenges. Above all, how do firms build meaningful relationships with their clients, investors or business partners at a time when they rarely meet them face to face?
Video calls and collaboration tools can help with this of course. But they only go so far in helping build trust and understanding.
“People aren’t meeting so much at the moment, so it’s about how you use tech to deliver what’s missing in terms of human interaction,” says Ralph, adding that asset managers need to think carefully about how they can best use technology to overcome these hurdles.
Find the right partner
The key, he says, is to find the right outsourced technology provider who can help asset managers navigate all the different options that are available to them. “How are you going to decide from all of the different options available in the market what is going to work for you? What is that outsource partner going to do to support your business? These decisions can have a big impact on your business.”
Technology has allowed firms to keep operating throughout the pandemic with surprisingly little disruption, but now they need to think ahead to ensure they have the right systems in place and are correctly configured for the future.
George Ralph, Global Managing Director & CRO, RFA
As Global Managing Director and CRO of RFA, George Ralph is a technology and business leader with a proven track record of strategic alignment, process improvement and guidance. Having been both a COO and a CTO of his own technology firms over a nineteen-year period, he looks to provide transparent guidance to every business he serves and the people he leads. George has extensive delivery and technical experience in cloud and data architecture, large-scale migrations utilising leading technology brands and IaaS offerings. An Assessor for the British Computer Society (The institute of IT) and a Certified IT professional, George is keen to ensure that the RFA gives its clients the highest levels of service.