Why are ultra-high-net-worth families at increased risk of cybercrime?
As cyber criminals become increasingly shrewd and perspicacious, families of wealth need to keep their guard, and their security, up.
As revealed in Campden Wealth’s Global Family Office Report 2021, families have prioritised cyber security with a notable 77% of respondents said they had a cyber security plan. However, 55% said their plan “could be better” - and that’s where the trouble can start.
Mike Coleman is the senior vice president of strategic partnerships, government and corporate solutions at Global Guardian, a leading duty-of-care firm that supports high-net-worth families and family offices, as well as Fortune 1000 corporations, with a comprehensive suite of security, medical and emergency response services.
Here, Coleman discusses the measure to take and traps to avoid to ensure protection from cyberattacks…
Global Guardians recently released its Digital Threat Report, what were the key findings?
The report highlights several key vulnerabilities to family offices and private wealth in the digital space. The most significant is the active collection of personal information with the potential to use it for nefarious purposes. Cybercriminals are utilising information to exploit vulnerabilities in cyber or information security systems. Organisations possessing traditional wealth or informational wealth are the targets of both groups.
According to Campden Wealth’s North America Family Office Report 2023, attacks from cyber criminals have increased over the past year, with a significant number of family offices admitting they don’t have a security plan in place and feeling insufficiently prepared to safeguard themselves. What steps should family offices take to protect themselves?
If a family office’s security plan centres on anonymity, they have failed to understand the current threat in this digital age. Family offices should conduct two independent evaluations to set a baseline for a security plan. The first should be focused on their cyber infrastructure. A thorough cyber assessment should evaluate not just the cyber infrastructure of the family office - such as firewalls and virus protection - but the training of staff. The best digital protections don’t stand a chance against an uneducated employee who invites attacks through poor cyber security practices.
The second assessment should evaluate the digital footprint of the office, its employees and the family members it serves, especially when it comes to social media. While social media may not build a comprehensive picture for criminals, it provides significant clues into the lifestyle and resources of family members.
Both assessments should be used to design an action plan that includes training, response to a cyber incident, and the continued evaluation of employees’ training.
Cyber criminals are getting increasingly wily with their attack strategies, what obvious signs should families be looking out for?
If the signs of an attack were obvious, they would be easy to defeat. The days of stopping attacks because recipients identify a misspelling, bad English, or unknown senders are over. Criminals have become much more sophisticated and careful with their attacks as they now realise a failed attack puts the family on notice.
Cybercriminals have become increasingly refined in their attacks, often targeting family offices with well-designed and researched attacks. Attacks have been known to “spoof” or impersonate third-party service providers utilised by family offices for outsourced services such as IT. These attacks often start with utilising information found on social media or open sources, such as the family office’s website.
Many family offices overlook the significant amount of information that is posted on social media by younger members of a family. Often these social media posts build an extensive picture of the wealth of the family and the real-time location of its members. We see many older family members disregard the dangers of social media because they simply don’t understand the extent that their lives are being shared online by other members of the household.
Families of wealth obviously travel a great deal, what should they do to protect themselves when on the move?
There is no possible way to plan for every contingency when traveling. A broad approach to travel security should focus on a few key considerations: pre-trip education, medical needs, and security at the destination.
Many members of ultra-high-net-worth families pride themselves on being well-experienced world travellers that have “been there and done that.” However, we see families traveling under the assumption that their destination is the same as when they last visited. They fail to consider political or economic changes that can result in civil unrest or transportation strikes, which impact their travel. A pre-trip intelligence review of the destination can alleviate many of these concerns or, at a minimum, allow planning to mitigate the risk.
Additionally, families should consider what they would do in the case of a medical emergency - where would the family member be treated, how would the family member or staff pay for the treatment, what would they do if the injury was serious and required movement to a more sophisticated treatment facility? This is especially important when traveling to exotic or remote destinations.
Travel security should consider not just physical security but information/cyber security. All electronic devices should utilise a Virtual Private Network (VPN) when operating on a foreign cell phone network - and especially if they are on a local Wi-Fi network. Additionally, social media posts should be limited. The last thing you want to do is publicise that the family or family member is outside the country - especially if they are in a high-risk location - or that their residence is currently unoccupied. We have seen numerous professional athletes targeted by criminals due to a well-publicised game schedule that puts them away from home.
Does social media pose a threat to online security? If so, what actions should be taken to mitigate these threats?
Social media presents a serious threat to online security - as well as a family’s physical security. It gives criminals a window into the lives of their prospective targets to commit cybercrime or even physical crimes, like theft or kidnapping. The days of not having a social media presence are over - even family members who don’t actively utilise social media can be the topic of discussion on social media. Mitigation of the risks occurs through strict adherence to social media rules, such as not posting your full name, removing geolocational data from posts, and not revealing any part of your routine. All accounts that are not professionally managed should be private and only accept friend requests from known individuals.