header-img.jpg

Cyber Security Services for

Compliance and Reputation

Real Estate Investment Advisory Firm Goes Proactive to Assure Data and Financial Assets Remain Secure

Soundshore Technology Group Helps Land & Buildings Reach Cyber Security Goals

 The Issue:

Land & Buildings (L&B) is a Stamford, Conn.-based registered investment manager specializing in publicly traded real estate and real estate-related securities. L&B looks for opportunities to enhance current processes to ensure long term security and credibility. It does so from a position of experience, transparency and quality. When L&B works with third parties it seeks ‘best-in-class’ providers and discloses these partnerships to its stakeholders.

Given the growth of cyber threats in recent years, L&B took its pro-active approach into another arena. The firm determined that it should seek an IT partner to help assess any risks to its data and financial assets. It recognized that security breaches could threaten its reputation, its regulatory compliance and its very business.

L&B approached Soundshore Technology Group (STG), an outsourced IT support firm with special expertise in cyber security, and engaged the company to help assure its networks and systems are secure – and remain secure.

The Work:

STG began by performing a thorough cyber security risk assessment. The company examined:

  • Whether there was a firewall and if it was up-to-date from a security perspective
  • Where data was stored – in-house on servers, in the cloud, or both
  • If data was encrypted where it should be
  • If there was an anti-virus program in place
  • Whether security patches were up-to-date – not just for operating systems, but for individual programs and apps

During this initial phase, STG established an Information Security Committee comprised of key people from L&B and STG. The committee met regularly to facilitate decision-making and firm-wide communication as the then-current status was improved.

For its computer network, STG set up Group Policies, an operating system within Microsoft, that allows it to enforce password and access rights management.

In addition to these and other network security improvements, STG worked with L&B to document and enhance its cyber security objectives and plans including:

  • A Written Information Security Policy (WISP)
  • A Disaster Recovery and Business Continuity Plan (DRBCP)
  • An Incident Response Plan (IRP) – What happened? What’s the severity? What to do.

The Results/Benefits:

With Microsoft Group Policies activated as a means of control, L&B can create standards for password strength and age, restrict access to folder types, determine session timeouts, disable USB and CD-Rom drives to disallow file-saving to thumb drives. These measures serve for both cyber security and regulatory compliance.

The documented policies not only provide L&B with a cyber security roadmap, but also become outward-facing documents demonstrating controls around data for both audits by the FTC or FINRA and investor due diligence.

The Information Security Committee continues to meet twice a year to review the state of controls and processes. It determines whether there is a need to update technology, address new threats, or update policies.

According to L&B Founder and Chief Investment Officer Jon Litt, “STG helped us achieve our cyber security objectives quickly with practically no loss of productivity. We and our investors all sleep better knowing that our systems and data are secure. Of course, cyber security is an evolving issue and we are also in a position to address and minimize any incident we may face in the future.”