Focus on Funds

Data Protection Is a Top Priority for Funds

For the fund industry, protecting vast amounts of data from unauthorized access and removal is paramount. The January 19, 2018, edition of Focus on Funds reviews how cybersecurity teams are meeting this challenge.
 

Transcript

Stephanie Ortbals-Tibbs, ICI director, media relations: In the asset management industry, data is everything. It’s vital to what we do, and that’s why it’s so important that it be protected. At ICI’s recent Cybersecurity Forum, several experts came together to discuss their experiences, and what some of the most important priorities for the industry should be right now.

Joe Duffy, senior vice president, Natixis Global Asset Management: There’s all sorts of sensitive data throughout the company—there’s employee data, there’s customer data, there’s intellectual property. It’s pervasive, and there are so many ways of moving it—email, file transfers, cloud services, mobile devices, removable devices, USB keys. I mean, you can just print it off and carry it out, too. So, there are all sorts of ways to lose sensitive data.

Ortbals-Tibbs: Tell me about what people need to understand about the role that someone like you plays in protecting data within an organization. What does the landscape look like?

Duffy: The most important thing we’re thinking about is, ensuring that people get access to the data that they need to get their job done. And once we get that, we can build on that and put tools in place to monitor what’s happening with the data—where it’s going, what they’re doing with it, is it appropriate.

Ortbals-Tibbs: And one of the ways that you do that is by thinking really carefully about whether or not employees might at this point need access to data that they previously had. Was there a project that they were working on or something where maybe, at this point, removing that risk would be a good idea?

Duffy: A lot of times, people might be involved in projects where they’re using sensitive data, they’ve got access to sensitive systems, and once that project is over, is it being pulled back?

Ortbals-Tibbs: Another way, of course, is complicated, because it involves blocking—and you’ve talked about how that really involves taking some time to think about how that’s going to look.

Duffy: We have to spend a lot of time monitoring what’s going on, because in many cases, associates are using websites and other tools that involve moving data for very important business reasons, and we can’t just willy-nilly go in and block it. So we have to monitor and check with them, and work with the managers and business leaders to ensure that we’re not impacting the business in a negative way.

Ortbals-Tibbs: So Joe, mobile is just more complication in this.

Duffy: While making work easier for a lot of people, it has made it a very complex environment to keep data. With laptops, we’ve got pretty good controls in place. But with the other things—like iPhones, iPads, other mobile devices—people have access to data from basically anytime, anywhere, and it many cases, it’s very sensitive. It’s a big challenge, and one that we’re going to have to take a lot of time to work on and resolve. 

Additional Resources

• ICI Information Security Resource Center
• ICI Viewpoints Series: Cybersecurity at Work
• Focus on Funds: Fund Cybersecurity Strategies Are Changing
• Focus on Funds: Fund Industry’s Cybersecurity Efforts Continue to Expand
• Focus on Funds: ICI Brings New Cybersecurity Offerings to the Fund Industry