Americans are more likely to say a household member has had their personal, credit card or financial information stolen by computer hackers, than report being victimized by a number of other types of criminal activity including property damage and vandalism, according to a recent survey conducted by Gallup. In fact, nearly a quarter of Americans say that they or someone in their household fell victim to cyber crime in 2018 alone. Furthermore, more than a quarter of international families, family offices and family businesses were victims of cyber attacks in 2019 so far, according to Campden Wealth and Schillings. Taking into account that nearly 50% of high net worth family wealth is being managed through family offices, according to a report by Citi Private Bank, it is critical that proper measures are implemented to help protect these firms and their clients from increasingly sophisticated cyber attacks.
Family offices are targeted by cyber criminals for a number of reasons, according to the Citi report: About 40% of family offices do not have a dedicated cyber-security policy in place although they have the “wealth” equal to that of small and medium enterprises; typically they don’t invest enough money in IT; they lack formalized governance guidelines on information security; and they store sensitive data similar to that of larger organizations. High-profile family offices also become obvious targets because of their wealthy clients and the potential for extortion.
Risks abound: malware, ransomware, social networking sites
Email is a main source of malware via phishing attacks in which recipients are duped into downloading an attachment or clicking a link in order for cyber criminals to steal data, including login credentials and credit card numbers. Executive email accounts are also compromised by criminals who impersonate an individual in the company with the authority to make wire transfers or have access to confidential information.
Additionally, emerging threats like ransomware have become pervasive. This involves cyber criminals using a malicious program to gain access to an organization’s computer network and hold it “hostage” and then demanding bitcoin payment in order for the organization to regain access to its computer and data. Social networks are also a real exposure for family offices with organized criminal networks taking advantage of the various platforms. Criminals are able to gain access to sensitive information on Facebook, LinkedIn, Instagram, Twitter and other social platforms, which could damage a family’s reputation and jeopardize their personal safety and security.
What can be done to help mitigate cyber threats?
Family offices should implement information security policies and procedures with staff that is well trained on how to apply these guidelines in their daily work. The policies and procedures should be reviewed on an ongoing basis as new and more sophisticated threats are constantly emerging. Additionally, it is recommended that family offices employ a third-party specialist to assist with auditing their cyber-security requirements. Some of the policies and guidelines to consider include:
- Enabling a multi-factor authentication procedure to confirm and verify instructions including for wire transfers.
- Encrypting all emails that include private information such as bank details, credit card numbers, Social Security numbers, etc.
- Backing up all data off-site on a regular basis.
- Regularly changing passwords.
- Performing regular cyber audits to make sure confidential information is secure and that accessible information to the public is properly scrutinized.
- Avoiding clicking on links and being suspicious of attachments.
- Making it a practice not to conduct personal business using work email. Also ensuring that sensitive company information is not stored on any personal devices or shared through social media platforms.
- Avoiding public Wi-Fi connections to conduct work.
- Updating and upgrading IT systems.
- Having and implementing a clear response plan in the event of a cyber attack.
In addition to these measures, it’s also important to have Cyber insurance in place. There are a number of Cyber insurance solutions available on the market, including products that will cover everything from identity theft recovery to fraud; data restoration; cyber extortion; cyber reputational management and unintentional online libel, slander or invasion of privacy; and cyber bullying. Several insurance carriers also offer complimentary cyber vulnerability analysis as well as services to monitor, mitigate, and manage against identity theft.
Owens Group specializes in providing family offices and high net worth individuals with insurance protection including putting in place solutions to mitigate and address cyber risks. For more information on how we can help you, please contact Maureen Conn at 201-408-3514.
Sources: Citi Private Bank, Forbes, Gallup