Redpave Security

Securing your family's legacy in the digital age.

Top 10 security priorities for family offices in 2020.

Top 10 priorities for family office cyber security

With so many risks, and knowing that most wealthy family members have very little patience for security and restrictions, we have developed a 10-point plan that family offices can use to protect the family’s technology. This plan is designed to be reasonable for the family, while limiting their exposure to the most common threats. Some high-profile families may choose to exceed these recommendations.

1. Technology inventory

The family office should maintain an inventory of routers (don’t forget those at each family member’s house), computers, tablets, phones and other devices. The office needs to maintain these devices and make sure that each one has updated antivirus, firewall and similar software (often referred to as *endpoint protection*).

As part of the maintenance, the office should make certain that software on the systems, such as operating systems, Microsoft Office, browsers and accounting tools, is kept current. In addition, the inventory should track databases and the types of data they contain. The most important are databases with client information, but the inventory should also cover anything else that thieves can exploit.

2. Written cyber policy

Family offices should have a written cyber-protection policy, including a connected-device policy, a password policy, social-media policy and payment-authorization policy. Families rarely have penalties for violating these policies, but by writing them down, communicating them and providing education, the family understands and thinks about their behavior.

3. Cybersecurity insurance policy

If the family office oversees family businesses, blog sites or foundations with websites, it should consider cybersecurity insurance. Such policies can cover:

  • Liability for loss of data, such as client personal data or credit card details
  • Remediation costs, such as investigation, notification and repairs
  • Settlement costs, such as client-monitoring services, payments or regulatory fines

4. Vulnerability assessment

Vulnerability assessments identify the weaknesses in a system. For a family office, this should include the family office, businesses overseen by the office (including a foundation office) and each family member’s home systems. Most offices lack the expertise to conduct these assessments internally, and thus contract with an outside vendor. Such assessments should be conducted at least annually.

5. Encryption tools

If confidential information is sent in standard emails, the data passes through the internet and could be intercepted and read by hackers. One way to prevent this is to use email encryption tools. These tools encode the message before it is sent, and the receiver has a similar tool to decrypt and read the secure message. If someone intercepts the message, it will be indecipherable unless they have the proper decryption tool.

Wealthy families have always been ripe targets for thieves and vandals, and the rise of the internet opened additional avenues for criminals to operate — often with a cloak of anonymity.

6. Identity protection

Despite all of the best efforts, there remains a risk that a family member’s identity could be stolen. There are many firms that will monitor any new account openings, credit requests and similar activity. They notify clients of any activity, giving them the opportunity to validate the request and prohibit transactions, if desired. They also can create a freeze, such that new accounts cannot be opened. If someone’s identity is stolen, these firms are experienced in helping the person recover from such theft. Many family offices provide such services for each family member.

7. Cyber education

The family office can use the most robust tools and vendors available, but they need to be paired with education on the risks for family office staff and family members. Cyber education should be a key part of annual family meetings to help family members understand why the family technology policies were created, and what can happen if they are not followed.

8. Data backups

While data backups can be done on thumb drives or external hard drives, it is generally preferable for backups to be stored off-site, which frequently requires a cloud-based provider. If a device is lost or stolen, or if a hacker destroys data on a device, the family can restore the data from a backup version.

9. Background checks

The family office should conduct criminal background checks annually on family office staff and vendors. Many offices conduct such checks before hiring staff, but then never do so again. When using a vendor firm (including technology providers, consultants and household staff), the firm itself may perform background checks on its staff, which may be sufficient. The office should seek proof of such checks and, if they have not been performed, conduct them itself.

10. Network monitoring

Family offices should have staff or a vendor monitoring the family office network, business networks and family home networks, looking for signs of an intrusion. Very few family offices have the proper staff to do this internally, so they should rely on trusted outside firms. Such firms monitor systems 24 hours a day and can shut them down in the event of an attack.