Welcome back to our three-part series examining cyber vulnerabilities surrounding family offices and steps they can take to mitigate those risks. In Part One we discussed how family offices are particularly vulnerable to cyber-crime. In Part Two, we reviewed different types and  trends of cyberattacks. Here, we will outline how family offices can defend against cyberattacks.

How Family Offices Can Defend Against Cyberattacks

Over a quarter of multi-million dollar family offices do not have dedicated cybersecurity policies in place to protect their systems. This may be because they do not view themselves as needing an onerous cybersecurity policy. However, this view is short-sighted and can leave family offices subject to heavy losses. Family offices do not need to implement large scale or particularly burdensome policies or procedures. Rather, they can build specialized, flexible programs by utilizing a consultant that is reactive to ongoing and updating threats.
Continue Reading

Welcome back to our three-part series examining vulnerabilities surrounding family offices and steps they can take to mitigate those risks. In Part One we discussed how family offices are particularly vulnerable to cyber-crime. Here, we will review different types and trends of cyberattacks.

Cyberattack Trends

Most cyberattacks are the result of “phishing” emails. “Phishing” refers to a deceptive effort to obtain the recipient’s sensitive information by disguising the sender as someone the recipient knows and would trust. Phishing recipients can be deceived into downloading malicious software, providing personal information like account numbers or PINs, wiring funds or paying invoices to cyber-criminals. Ransomware is malware that denies the victim access to their system’s files until the victim pays a ransom. While malware can also take the form of “drive-by” downloading when a victim visits a website prompting the malware to download, over 90% of malware is still delivered via email.
Continue Reading

At least 25% of family offices have been subjects of cyberattacks, and nearly 40% of them lack a cyber security policy. Welcome to a three-part series that will examine the cyber vulnerabilities surrounding family offices and steps they can take to mitigate those risks.

Family Offices Are Particularly Vulnerable to Cyber-Crime

As part of the global increase in the number of billionaires worldwide, family offices have evolved from little more than holding companies to highly sophisticated financial firms managing family wealth, administering assets and acting like a typical private equity or debt fund. Family offices are managing almost 50% of Ultra High Net Worth family wealth. Given the vast amount of wealth that family offices support, they are prime targets for cyber crime, which some analysts project will account for a global $6 trillion cost by 2021.  The fact that nearly 40% of family offices do not even have a cybersecurity policy in place highlights the need for improvement when it comes to making themselves less vulnerable to cybercrime. 
Continue Reading

On May 21, the North American Securities Administrators Association (NASAA)—an organization comprised of 67 securities regulators within the United States (all fifty states as well as districts and territories), Canada, and Mexico—released a model cybersecurity rule package governing state-registered investment advisors’ cybersecurity and privacy practices.  The model rule package, which would need to be adopted by an individual state so as to become law in that jurisdiction, provides a structure for how state-registered investment advisers must design their information security policies and procedures.
Continue Reading

European Commission Comments on GDPR’s One-Year Anniversary

On the one-year anniversary of the GDPR, Andrus Ansip, Vice-President for the Digital Single Market and Věra Jourová, Commissioner for Justice, Consumers and Gender Equality has released a joint statement on the momentous law: “The main aim of the rules has been to empower people and help them to gain more control over their personal data. This is already happening as people are starting to use their new rights and more than two-third of Europeans have heard of the regulation.”  The entire statement can be found here.

FTC Extends Comment Deadline on Proposed Changes to Safeguards Rule

The FTC has extended the deadline to submit comments on proposed changes to the Safeguards Rule by 60 days until August 2nd.  In March, the FTC announced it was seeking comment on proposed changes to the Gramm-Leach-Bliley Act’s Safeguards Rule as well as the Privacy Rule. These regulations require financial institutions to inform customers about its information-sharing practices. More information can be found here.

FBI Reports That Cybercrime Cost $2.7B in 2018

The FBI’s annual Internet Crime Report, states that IC3 received 351,936 complaints in 2018 which is about 900 every day. The statement released with the report said, “[t]he most frequently reported complaints were for non-payment/non-delivery scams, extortion, and personal data breaches. The most financially costly complaints involved business email compromise, romance or confidence fraud, and investment scams, which can include Ponzi and pyramid schemes.” More information can be found here.
Continue Reading

Proposed Bill Makes Dramatic Changes To North Carolina Security Breach Notification Law

Some of the proposed changes include:

  • Businesses would have to “[i]implement and maintain reasonable security procedures and practices, appropriate to the nature of the personal information and the size, complexity, and capabilities of the business.”;
  • Businesses would be required to offer at least two years of free credit monitoring; and
  • Replacing the current “without unreasonable delay” standard for breach notification to “as soon as practicable, but not later than thirty (30) days after discovery of the breach or reason to believe a breach has ”

A copy of the bill can be found here.

24 Tech Companies Support CCPA amendment

According to the DuckDuckGo Blog, 24 different tech companies have written a letter in support of the CCPA amendment. The blog states, “CCPA is set to take effect in 2020 and is without a doubt a major advancement in individual privacy rights for Americans. As an Internet privacy company that empowers users to take control of personal information, we support the law. And we want to see it become even better.” A copy of the letter can be found here.
Continue Reading

Make no mistake about it, the Department of Homeland Security’s newest agency, the Cybersecurity and Infrastructure Security Agency (CISA) is serious about cyber. Not even one year old, CISA has taken on the responsibility of protecting the nation’s critical infrastructure from cyber threats. Taking a collaborative approach, the agency states the following as its mission:

CISA partners with industry and government to understand and manage risk to our Nation’s critical infrastructure

On April 3, 2019, in furtherance of agency efforts, CISA’s Chief Counsel, Daniel Sutherland and Steven Kaufman, Principal Deputy General Chief Counsel, spoke about how CISA can help your organization and its clients protect against and respond to cyber incidents. This in-depth look into the agency, presented by McGuireWoods and the Mecklenburg County Bar, highlighted how CISA’s approach will benefit both federal and non-federal organizations.
Continue Reading

Please join McGuireWoods and the Mecklenburg County Bar, on April 3, 2019 from 10 – 11 a.m. EST,  for an exclusive look into the newly formed Cybersecurity and Infrastructure Security Agency (CISA). Hear from CISA’s Chief Counsel, Daniel Sutherland, about the agency’s mission, its statutory authorities, and how CISA can help your organization and its

What is this bill?  A new bill introduced in the U. S. Senate on March 14, 2019 would require companies to obtain explicit user consent before facial recognition data could be collected and shared. The bill is known as the Commercial Facial Recognition Privacy Act of 2019, and was introduced by Sens. Brian Schatz. D- Hawaii and Roy Blunt, R-Missouri.

What does the bill prohibit?  The bill makes it unlawful for any covered entity to knowingly use facial recognition technology to collect facial recognition data, UNLESS the covered entity obtains explicit consent from the individual after providing notice to such individuals. The bill would also require that covered entities notify individuals whenever their facial recognition data is used or collected.
Continue Reading

FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules

The FTC is seeking comment on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule requires a financial institution to maintain a comprehensive information security program. The Privacy Rule requires a financial institution to inform customers