What COVID-19 Means for the Cyber-Operations of Hedge Funds

by Andrew Werking 0 Comments

COVID-19 is officially a pandemic, and it’s causing stressors in nearly every facet of our professional and personal lives. As if managing potential exposure and health risks aren’t enough, we’re also dealing with market volatility, economic uncertainty, and transitioning our workforces to remote work (not to mention the complications of shortages of household goods and school closures). These are stressful times, indeed, especially for those responsible for ensuring continuity of business operations.

At Agio, we’ve worked with our hedge fund cybersecurity clients consistently over the past few weeks as they prepare for and start to invoke business continuity actions in response to the COVID-19 pandemic. Here’s a breakdown of some of the common steps our hedge fund clients are taking to ensure operational continuity during the pandemic, some lessons learned, and a look at some emerging concerns.

Ensuring Operational Continuity

Agio recognizes that every fund is different, each having unique operations requiring specific continuity actions. Despite the unique nature of every fund, there are some commonalities in the ways hedge funds are minimizing exposure while ensuring continuity of operations.

  • Several of our client funds have closed offices altogether.
  • Others have focused office closures on specific cities, countries, or regions where infections have spiked.
  • Some clients are managing potential exposure by implementing alternating onsite/remote work weeks—splitting critical personnel into two teams to ensure that key players are not all in the office at the same time.

Nearly all of our hedge fund clients have implemented No Visitor policies.

Travel

Most of our clients are also prohibiting employee travel to specific cities, countries, or regions where infections have spiked. Some have banned employee business travel altogether, and many are also requiring employees to report personal travel so the firm can decide whether post-travel social distancing is required.

Remote Work

In response to COVID-19, nearly all of Agio’s hedge fund clients have instituted some form of remote work arrangement for all or part of their workforce—no small feat for an industry segment that has been slow to adopt remote work practices.

Identifying & Solving Emerging Concerns

The rapid adoption of remote work practices for the entire workforce en masse hasn’t come without problems and issues. As firms scramble to transition their traditionally office-bound workforce to remote work arrangements, we see a few common concerns arising. Here are solutions to those bumps in the road.

Create a Remote Work Policy & Enforce It

A comprehensive remote work policy defines expectations and sets the ground rules for the firm and its employees. Most importantly, employees need to understand their role and responsibility concerning the continued security of the firm’s systems and data while working remotely.

Employees also need to understand what they can and can’t do while working remotely, what equipment they’re permitted to use, how they’re required to connect remotely, and how their productivity will be monitored and measured.

Define expectations regarding seemingly trivial things like availability, connectivity, webcam usage, dress code, and the like specifically in the context of remote work.

Prepare Business-Owned Equipment for Remote Work

It’s impossible to work remotely without the equipment necessary to do so. Obvious, I know, and a seemingly simple issue to solve. But try buying a laptop, tablet, or smartphone right now. Business-class laptops are on backorder at many major supply houses right now, with no clear dates of when more might be available. Smartphone and tablet availability are in a similar state.

If your workforce isn’t already equipped to work remotely, it may be difficult or impossible to outfit your workers at this point. Without business-class devices, you face the likelihood of permitting the use of personal devices for remote work—a scary prospect from a cybersecurity perspective without significant additional controls in place.

Build a Remote Work Infrastructure

As of February 2020, there were nearly 130 million full-time workers in the U.S. In normal times, i.e., when we’re not in the middle of a global pandemic, roughly 26 million Americans (about 16% of the workforce) work remotely at least some of the time according to the U.S. Bureau of Labor Statistics (BLS). While no specific COVID-19 response related remote workforce projections are currently available, it’s clear that employers across the country are transitioning to remote work arrangements wherever possible.

A transition of only half of the 130 million full-time workers in response to the pandemic would result in nearly a three-fold increase in remote workers. Our communications and remote work infrastructures are about to be tested in a way we’ve not yet experienced.

  • Will our cell networks, internet, and other telecommunications infrastructure withstand the sudden crush of bandwidth gobbling remote workers?
  • Will your employees’ neighborhood cable internet stand the test of two full-time remote workers in every house on the street?
  • Will remote meeting service providers be able to scale to meet this unprecedented demand?
  • Given the emerging supply chain disruptions, will they be able to procure the infrastructure devices required to do so in a timely fashion?

In Conclusion

By every measure, we’re in unprecedented times. And while no one can have all of the answers right now, it is possible to adapt workflows to ensure operational continuity. If you have any doubts, contact us so we can explore how we might help.