Family Offices and Businesses Need Cyber Security
It cannot be repeated too often: cyber risk is not restricted to large companies. According to a new study from Campden Wealth and Schillings cited by consultant Francois Botha (posted at https://www.forbes.com/sites/francoisbotha/2018/11/10/why-family-offices-need-to-prioritize-cyber-security/#52d61e62601a), 28% of international families, family offices and family businesses have already been victims of cyber attacks. One incident cost a family $10 million. Almost 50% of ultra-high-net-worth family wealth is managed through family offices, so these firms need to protect themselves from cyber attacks.
By 2021 cyber crime is projected to cost $6 trillion, with 90% of all companies as victims. Emile Salawi, head of family offices of BNP Paribas, is quoted by Botha as saying “Traditionally, families have relied on banks to exercise necessary governance and compliance requirements when it comes to protecting information and funds, but the time has come for families and family offices to take more responsibility for the protection of their own data…”.
For large and small businesses, 92% of malware is delivered by email, through phishing or impersonation of authorized individuals. Ransomware and cryptojacking (unauthorized use of computers to mine cryptocurrency) are newer threats. Organized criminals monitor social networks for sensitive information.
Why are family offices targeted? According to Botha:
- 40% do not have a dedicated cyber-security policy.
- There is under-investment in information technology.
- Governance structures and information security guidelines are informal.
- High profile offices have extortion value and are subject to reputational threats.
Botha recommends using a third party specialist to draw up and review information security policies and procedures. Specific recommendations include:
- An authentication process to verify wire transfers and other transactions.
- Encrypting emails with private information.
- Back up data off-site.
- Regular cyber audits.
- Clear rules regarding opening links or attachments (best rule: verify before opening).
- Separate personal and company information; do not store sensitive information on insecure personal devices, or share it on social media.
- Use prescribed security tools to access company information.
- Update IT systems and devices; upgrade as required.
- Have a clear cyber-attack response plan.
- Purchase cyber insurance. Policies are available for small businesses, and high net worth individuals can also get coverage.