For Your Eyes Only: Segregating Investor Data
An Emerging Best Practice is the Isolation of all Investor CRM & Investor Portal Data
The increasing threat of cyberattacks has caused CFOs and IT professionals at alternative investment firms to rethink the strategy of a single CRM to support investors and deal professionals. Investor data is the most sensitive information held by alternative investment managers. Any breach could result in at a minimum fines by the SEC and public embarrassment.
A recent article in PFM, Guarding the Gates
, Nicholas Barone, Director of EisnerAmper, stated "having layered security controls in place is key to preventing attacks like ransomware." The article makes the logical point that the best security practice is to segregate fund investor data and make it only available to a small group of users.
A recent trend in CRM software for alternative fund managers has been to commingle deal information, portfolio information and investor data into a single CRM. This integrated approach seems logical until the security consequences are considered. Even with a layered security, where deal professionals do not have access to investor data, a data breach could still occur and you had all of your eggs in one basket. If one additionally considers that there is no business value to integrating these data sets, then why have your investor data commingled in the same database?
Back to Blog