Most investment managers aren't willing or able to talk on the record about their online security measures.
The problem with discussing cybersecurity is that, when a company discusses its efforts, it immediately become a target of hackers.
However, one money manager executive — who agreed to speak under the condition of anonymity — said his firm has been putting a considerable amount of resources into cybersecurity. The executive said he couldn't quantify the amount.
"We've made significant investments in this space," said the executive.
It's important to ensure appropriate identification and access controls exist, he said, as a hacker can easily obtain an employee's username and password if the employee isn't careful.
This firm also hires outside parties to test its security "all the time." This includes identifying where its employees create leaks or gaps in its security.
One thing the firm does internally is, when applications are deployed within its cloud infrastructure, the company provides a much higher level of activity-based security. So, when an employee has access to accounts, they can only look at certain fields within certain accounts. Limiting each employee's access prevents a potential hacker from having full control of the entire system.
"That gives us more granular control over our environment," he explained.
The firm is also introducing machine-learning capabilities — identifying patterns and flagging irregularities — into the mix.
