Welcome back to our three-part series examining cyber vulnerabilities surrounding family offices and steps they can take to mitigate those risks. In Part One we discussed how family offices are particularly vulnerable to cyber-crime. In Part Two, we reviewed different types and  trends of cyberattacks. Here, we will outline how family offices can defend against cyberattacks.

How Family Offices Can Defend Against Cyberattacks

Over a quarter of multi-million dollar family offices do not have dedicated cybersecurity policies in place to protect their systems. This may be because they do not view themselves as needing an onerous cybersecurity policy. However, this view is short-sighted and can leave family offices subject to heavy losses. Family offices do not need to implement large scale or particularly burdensome policies or procedures. Rather, they can build specialized, flexible programs by utilizing a consultant that is reactive to ongoing and updating threats.

The first defense against ransomware is awareness of these threats. By properly identifying a phishing email (e.g. validating the accuracy of the email address before opening an email, carefully considering an email attachment or the validity of a link before opening it), one can better control the risk of a cyberattack. As detailed above, cyber-criminals perpetrate their crimes through phishing emails targeted at family offices’ employees. However, family offices can significantly minimize their chances of falling victim to one of these crimes by using their employees as the first line of defense. Thus, proper training of employees on how to effectively identify and handle cyber threats is family offices’ best defense against cyberattacks. This includes:

  • Implementing policies and procedures on how to prevent and respond to cyberattacks;
  • Testing employees on their knowledge of these policies and procedures;
  • Training all employees on how to identify phishing emails;
  • Ensuring that its employees segregate personal and business functions and do not share sensitive information on social media;
  • Utilizing an authentication process for verifying instructions or requests for sensitive financial information or wire transfers;
  • Encrypting emails with private information like account numbers or credit card numbers;
  • Employing prescribed security tools and avoiding access to company networks through unsecured internet connections;
  • Regularly backing up important data as this is critical to a family office’s ability to recover from a ransomware or other attack;
  • Considering cyber insurance coverage tailored to the needs of the business;
  • Ensuring that third party vendors comply with security policies and procedures; and
  • Working with third party services that have strict security measures.

Due to the portfolios they manage, the sensitive data they hold and the likelihood that they do not have robust cybersecurity prevention and response tools, family offices are attractive candidates for cyber-criminals. With the number of attacks growing exponentially, it is more imperative than ever that family offices safeguard their systems and train their employees accordingly.