This blog follows up on my post a few weeks ago on “What Every Family Office Director Should Know about Cyber Security.” Today, I’m going to go into more detail about some of the risks facing high net worth individuals. Mobility and technical agility keep your Family Office’s daily business and the family’s personal activity in sync, but this digital connectivity brings unique cyber security challenges. Why? Private clients and their Family Offices are exceptionally attractive targets for cyber criminals. I’ve outlined my four tips for cyber security for family offices in the blog below.
1. Cyber Security for Family Offices – Know the Risks
The two greatest cyber security risks through the rest of 2015 and well into 2016 are social engineering and ransomware. A broader list includes the following:
- Targeted cyber-attacks or identity theft via cyber breach.
- Denial-of-service attacks, phishing, pretexting, social engineering and ransomware.
- Fraud or other loss related to electronic funds transfer.
- Technical disruption and data loss due to computer failure.
- Employees who abuse their legitimate access by accident or intent.
- Extortion or kidnap-and-ransom plots powered by geo-tagging and tracking of online activity.
- Hacking of home security systems and other risks to personal safety as a high-profile target for cyber criminals.
- Invasion of privacy and infliction of reputational damage.
- Portable device theft or loss compromising digital privacy and security.
- Hacktivist attacks to achieve political or ideological motives.
2. Ask Your Experts the Tough Questions
When working with cyber security companies, think beyond ease-of-use and assumptions of data protection and ask insightful questions that will help to identify the strengths and weaknesses of your current information security strategies.
- Are we protected?
- Are we doing enough?
- What are the financial, reputational, and lifestyle-related impacts if we incur a data breach?
- Do we have a data recovery plan in place?
3. Understand the Drivers of Effective Security For High Net Worth Individuals and Families
Today’s technically agile world puts new demands on Family Offices to be aware of risks and be proactive in securing and protecting the transmission and storage of sensitive financial, business and personal information.
Ensuring information security requires counseling and guidance from a trusted advisor, not just a technologist or IT expert; strict policies that staff and employees understand and observe; and an expert and informed approach to planning, executing and auditing OPSEC (Operations Security).
4. Take Action Now
Employ technology solutions that balance the highest level of security against ease of access and operational robustness. Specifically, you should address: (1) Network Layering; (2) Application Layering; (3) Security Policies and Practices; and (4) IT Support Model.
Ensure that you or your Information Technology providers have the proper tools in place – and that they are effectively managing your information security. This should include (1) ISO 27001 or industry-specific requirements; (2) penetration tests; (3) social engineering awareness, training and prevention; and (4) disaster recovery/business continuity.
If you have any questions about this issue, just ask. I’m passionate about helping private clients and Family Offices gain assurance in this arena.