These are my notes, live from the forum. (Please pardon the rougher nature of this report.)
Speakers:
Terry E. Everett, CFO & COO, Rockland Capital
Garth Nichols, Senior Manager- Financial Services, EY
Christopher Anderson, CCO & General Counsel, KPS Capital Partners LP
First step is to figure out what you want to protect. For private equity and real estate funds the information may be all over the place. It’s not not just a client account database.
It’s not just about digital access, but also physical access. Figure out if people can get into your offices and if they do get in, what can can they get easy access to. Walk around and see if people have passwords stuck to their monitors.
Assess where risks may be coming from. Protect the higher risks.
Look to third parties that you share sensitive information with. Look at their program to make sure it’s up to your standard and not a vulnerability.
Your employees are likely your weakest link. Phishing and spearphishing are common attacks. Accidents happen: employees lose laptops and phones that may offer access to your systems.
You should be able to show that you have been thoughtful, have a plan a place to review, and a plan in place to deal with a breach.
