Over the last few months, I have been presenting pretty regularly at conferences and small gatherings of Family Office heads and trusted family advisors on cyber security issues.
If you are an attorney, accountant or financial manager who oversees administrative, legal and financial matters supporting a high-net-worth individual or an entire extended family, then you should be placing cyber security very, very high on your list of priorities.
Three Cyber Security Questions You Should Ask and Answer
Here are three questions to ask:
- As a trusted advisor and steward of the family’s assets and interests, what exactly are the risks, threats and vulnerabilities you should be aware of?
- What are the factors that you and your team can quietly and efficiently address without inconveniencing your clients?
- When and how should you be counseling various family members on how to best leverage the enormous promise of technology without exposing them or other family members to unacceptable levels of risk?
Six Cyber Risks, Threats and Vulnerabilities You Should Be Concerned About
I can’t go into detail in this short blog, but at this point in my presentation, I discuss the following best practices in IT leadership that can help protect your Family Office. These sound policies can counter and mitigate the most common and often overlooked risks for affluent families and their lifestyle.
- Network Security: The Technical Backbone of the Family Office
- Free Services: Challenges in Managing the Risks – from Email to Storage
- Cloud Computing: The Pros and Cons for Families of Means
- Social Media: Insights and Case Studies from the Front Lines
- Operational Security: Why a Systemic Approach is So Important
- Physical Security: A Critical Line of Defense in Private Client IT Security
Five Cyber Risk Mitigation Strategies and Countermeasures
It’s not practical to expect yourself or your team – unless you are or your team includes an IT and information security or cyber expert – to master the complexities in cyber security. That’s a failed strategy, of course. But I encourage our clients and key decision-makers to make sure they gain at least a high-level awareness of six cyber risk mitigation tactics and countermeasures. These include:
- Layered Architecture: What Your Office Needs to Know
- Information Security Best Practices: A Sampling of the Most Important Policies
- Social Media: Learning About the Risks – and Then Taking Responsibility
- OPSEC: A Mini Guide for the Family Office
- Physical Access: Place the Emphasis on Control and Monitoring
Education and Training: The Value of Prevention – and Assurance
What I ask our clients and our audiences to remember as a take-away when we address these topics can be expressed very concisely. First is Awareness. You want to know your environment and your exposure. Second is Knowledge. You should have a baseline understanding of key concepts – such as the difference between information technology and information security. Third is Judgment. Don’t make ease of use or cost of operations the primary driver of your decisions relating to cyber risk management and prevention. And lastly? Prioritization. Place personal safety at the very top of your list.