Should a Family Office Prioritize Cybersecurity?

March 18, 2016

A family office is exactly what it sounds like. It manages the daily affairs of a family – including access to tax and banking information, personal files, trust services, education funds, and more. The Family Office also often connects to an outside business office.

I think we can all agree that it’s critical this information is secure. But is cybersecurity a big risk?

The answer is an obvious yes.

Think about it. A wealthy family's assets can eclipse most mid-market companies' assets. If the Family Office is managing a wealthy family's risk, then shouldn't it be doing the same things for the family that the board of directors of a mid-market company would do for its organization? Most mid-market companies with $100M in assets have an audit committee that monitors the organization's cybersecurity policy compliance.

Wealthy Family Home Offices are Low-Hanging Fruit for a Hacker

From a technology standpoint, a wealthy family's IT assets and networks can at times be more expansive than those of most sophisticated mid-market businesses. These same assets connect to networks in multiple homes and usually across multiple businesses and business offices. Managing security across so many diverse networks is hard enough for a sophisticated company, but for a Family Office it is almost impossible.

The family's networks may have firewalls, and the laptops and computers may be running anti-virus, but when was the last time the firmware was updated on the routers, switches and Wi-Fi access points? Is the firewall managed? What about true endpoint protection, Security Information and Event Management (SIEM), vulnerability scanning or NetFlow analysis? Is anyone considering threat intelligence?

Of course not, but should they? In many families the assets under management are far more diverse than those of a sophisticated corporation that does have all of these cyber protections.

Varying Degrees of Cyber Sophistication

Family members have a range of understanding when it comes to cybersecurity.

  • Teens tend not to prioritize privacy
  • Adults tend not to understand what a security exploit looks like
  • Third-party companies may not have cybersecurity protections within their own businesses, and
  • The head of the household (Family Office manager) may not be spending the appropriate money due to lack of knowledge of the threat.

In a sophisticated corporation, employees would be trained to recognize a phishing message, there would be a cyber response plan, there would be employee policy documents covering what is and is not allowed on the network, and each vendor would have to carry cyber insurance and be open to cybersecurity audits.

Family members also tend not to use encryption, back up their data, or update vulnerable software. But they do tend to send information over the internet in clear text and use risky software such as BitTorrent and Tor.

What’s at Risk?

  • Loss of personal information (photos, videos)
  • Hijacking of social media accounts, damaging reputations
  • Loss of creative works (manuscripts, lyrics, etc.)
  • Loss of healthcare records, tax returns, and other vital information
  • Manipulation of bank and brokerage accounts
  • Loss of information about employees, vendors, and business associates
  • Loss of competitive business information. The vast majority of single family offices were built through highly successful family businesses (2008 Wharton study)

Educating Family Office Members

In order to reduce cybersecurity risk, Family Office members should be educated on the following:

  • Help with cyber liability insurance
  • Help with identity fraud protection
  • Help with technology management, ensuring the family's IT assets, networks and perimeters are safe from cyber attack
  • Help with cyber training for the family so they recognize the risks
  • Assurance from the Family Office management firm that they are protecting themselves with insurance, good process, audit and network monitoring tools. After all, a Family Office exists on reputation alone and a public breach would wreck the reputation of the firm.

NetWatcher provides continuous monitoring to assess threat levels and manage network security.