Training and technology are critical to ensuring cybersecurity for private equity firms
Over the past 18 months, the shift towards working from home has exposed private equity firms to a far higher threat of cyberattacks, and many have wanted to review their cybersecurity options to ensure good defences against cyber-attack, says George Ralph, Global Managing Director and CRO of business IT consultancy RFA, who specialise in cloud, data, and cybersecurity solutions.
For firms conducting big deals potentially worth billions of dollars, the loss of any sensitive data or information could be hugely damaging.
That is why training every member of staff properly and effectively in the safe use of technology is a vital part of any firm’s cybersecurity procedures, Ralph says.
“When you or your technology partner are training, make it accessible, understandable for all, and aim for a series of short sessions rather than one long one,” he comments.
“In our scattered working environment, perhaps even make the training a part of a team catch up, ensuring it is inclusive for every member of your team, no matter what their role within your business.”
However, it is also essential for businesses to be realistic about the complex and persistent threats that exist.
Ralph says: “Your users cannot compensate for weaknesses in your processes or technology. It isn’t realistic to expect, when each member of your team is dealing with hundreds of emails every day, often under pressure, for the team to be vigilant at all times. Different roles in your business will have different risks associated with them, so it is worth setting up different security measures accordingly.”
Where appropriate, he recommends that firms make use of containerised remote desktops for users to view sensitive information or provide documents that can’t be downloaded via secure collaboration tools.
RFA offers clients its own extra layer of protection against cyber threats. The firm operates a dedicated Security Operations Centre (SOC) designed to monitor suspicious activity on all of its clients’ networks 24 hours a day, 365 days per year.
Typically, this kind of service is provided by an outsourced third-party provider but RFA offers its own in-house managed detection and response service for clients, which incorporates machine learning and AI capabilities to help identify attacks and prevent them before they are successful.
“Through looking for anomalies in the behaviours of a person or device, or bad links or data, our automated system can react to abnormalities and security threats in real time,” says Ralph.
“We understand the massive increase in number of entry points to a network that has come about since more people are working remotely, away from their main offices. This creates a security risk, mostly made up of devices being connected to multiple networks.”
Cloud offers big improvements
Increased awareness of cyber threats is only one technology trend which Ralph says has dominated the industry in recent years.
Private equity firms have also been shifting more of their data and activities into the cloud as they seek to take advantage of the same highly scalable storage and flexible computing power which is transforming many other industries.
Ralph believes the advantages for PE firms in terms of efficiency and the ability to use new tools and AI-based services to analyse potential target companies and conduct deals are huge.
By digitising as much of their activity as possible on the cloud, private equity firms can seize significant competitive advantages, he believes.
“An effective digitisation process is built on an effective data strategy,” says Ralph, a cloud and cybersecurity specialist who has been advising financial services firms on the transition from on-premise to cloud-based solutions for many years.
“An end-to-end managed data solution is usually the most effective approach for a PE firm. A data warehouse will separate the layers of your data via any public cloud provider: AWS, Azure or Google Cloud. You are then able to scale your data and separate data processing and storage to allow you to harness that data for deal making and key investment decisions.”
By automating processes that have previously been conducted by in-house teams manually, Ralph says that firms can improve their data governance and analytics in ways which will also better meet the demanding standards of institutional investors and global financial regulators.
An emerging private equity manager and an established manager might use different tools for their data and digital transformation journey, he says, but the principle is broadly the same.
“The great thing about public cloud and data warehousing is that it is entirely scalable. At RFA, we don’t have clients using the same technology set up two years after launch as they did on day one: the journey is seamless as we scale firms up,” Ralph comments.
Founded in 1989, RFA, which has over 850 clients globally divided between hedge funds and private equity, offers clients managed private cloud, infrastructure-as-a-service and secure multi-cloud services, which offer the flexibility and scalability of public cloud services whilst benefiting from the security and direct control of the private cloud.
Crafting an effective data management strategy is a critical priority for PE firms which are seeking to make the most of their shift to the cloud, says Ralph.
“As more and more people get involved in their data journey, they will discover more anomalies in the patterns of their behaviour as a business, how they operate and also the functions of the business. Alongside those starting out, firms that have already embarked on their digitisation journey are in phase two of their delivery now, and we are seeing firms’ data scraping into their data warehouse to then review the KPIs on that data in order to see how that impacts their fund’s performance.”
Outsourcing to a third-party provider is likely to be a key part of any shift to the cloud. “As an example, at RFA, we have a significant R&D team,” Ralph says.
“We use Snowflake, Azure and AWS to manage our own data, and Power BI to get insight into that data. This allows us to use trend analysis to see what of our own processes we should automate; this is exactly the same mechanism we use for clients and is difficult to substantiate without outsourced assistance,” he concludes.