Compliance with the E.U. General Data Protection Regulation (GDPR) is one of the key best practices that would help performance measurement teams better protect sensitive client data, says Michael Mikhaylov, chief operating officer (COO) and chief financial officer (CFO) for Union Square Park Capital Management, a hedge fund based in New York City.
Mikhaylov’s advice could easily apply beyond the performance team as cyber-security issues are enterprise-wide concerns.
“The first thing I would do is threat modeling,” Mikhaylov says. “I would analyze all data flows and trust boundaries. Every time that the trust boundary is crossed, that is a potential exploitation that I would analyze and dig deeper into. The second is policies that you have in place whether that is encryption or managing the physical security of files or compartmentalizing data by role. And the third is hiring some service providers.”
However, Mikhaylov does not recommend that firms with assets under management (AUM) of less than $400 million hire a managed security services provider. “Above that, I do. And they can manage the entire process from A to Z,” he says of such a provider.
“I think at any AUM level it makes sense to hire a vulnerability assessment consultant and they can look at your current procedures and help you revamp them or run phishing campaigns,” Mikhaylov adds. “I also think it makes sense to define a set standard whether that’s ISO or NIST — it’s something that you can claim to stakeholders and investors. Lastly, I think even if you’re not in scope for GDPR, I think it makes sense to be compliant with GDPR from a cyber security perspective.”
Mikhaylov was a panelist for the “Protecting Client Data” session of FTF’s Performance Measurement Americas (PMA) conference, held in New York City this past March.
CREDITS:
Video Production: Janene Knox and William J. Poznanski, Jr.
Interview conducted by: Eugene Grygo, chief content officer, FTF
Co-Producers: Sarah Hathaway, vice president, FTF, and Eugene Grygo