Cybersecurity and the Family Office
We all hear how cybercrime is a fast-growing crime, one of the fastest growing crimes and that the financial services sector is a target. There is no single solution to the problem, and unfortunately technology is unlikely to provide one in the near future.
Threat protection technology typically lags behind the latest cybercrime tactics. However, there is one underutilized defense against cybercrime that family offices need to consider: educating their clients and employees so that they themselves can be the first layer of defense.
Without this approach, research has shown, the easiest way to breach a family office’s cyber security is through the people it employs or interacts with. It can happen in a variety of ways with threats sneaking in through:
- Outdated software without the latest security updates
- Employees allowing unauthorized access to their work laptops, mobile phones, or tablets that exposes the family office network
- Workers or clients logging onto public Wi-Fi networks with a laptop or smartphone that could compromise the device and then the family office, etc.
- Anyone connecting an untested USB memory device that can be a source of viruses and malware
Data- and cybersecurity should of course be a priority for all—from the CEO to the most junior assistant, and for every client. This is where the family office can empower all clients and staff to protect the wider business.
The first step is ensuring you have done all you can in terms of providing tools and techniques to support your staff to protect the business and understand where it might be vulnerable. When it comes to technology infrastructure, a private cloud solution is often the best choice for a family office because it should provide a built-in level of threat protection above anything a family office would typically be willing to spend money on to achieve. Also, the key elements of business continuity and disaster recovery can be integral to such a service—something family offices often do not adequately plan for.
It's time for family offices to change the way they think about technology: Read more>>
If a family office manages its own infrastructure, then the IT staff needs sophisticated cyber threat education and third party infrastructure vulnerability testing on a regular basis.
The approach for clients and staff should also be on-going education once a baseline level has been achieved. There are many training courses, a good deal of which can be taken online and in an on-going way. The idea of ethical hacking (i.e. hiring someone to “hack” your systems and pre-emptively expose any potential vulnerabilities) is also something to consider, since cybersecurity is a constantly-changing area, as this can provide a family office with insight around gaps and where it needs to focus.
The problem of cyber-attacks isn’t going away, and 2016 is seeing the threats move more and more to mobile devices. One monitoring company, ThreatMatrix, reported a 40% increase in financial cybercrime in late 2015. For a family office, knowledge and skills training is the easiest and most cost-effective way to ensure you are best prepared to combat cybercrime.
--