Cyber crime emerging as the greatest threat to family businesses
Statistics reveal that cybercrime is becoming one of the biggest commercial and reputational risks to family offices, a threat that is expected to grow well into the future. With businesses shifting more into the online and digital space, cyber criminals are becoming increasingly sophisticated in their methods.

By Francois Botha
Published on Simple October 4, 2020

About half of global Ultra-High-Net-Worth family wealth is being managed through Family Offices. It is therefore no surprise then that this sector is receiving increasing attention from opportunistic attackers who are able to exploit both the financial and reputational equity attached to these businesses. With approximately a third of all family offices already being victims of cyber-attacks, there can no longer be any complacency when it comes to information security and data-protection.

Understanding The Risks

Globally, the estimated annual cost of cyber-attacks runs into the trillions of dollars. Some large companies, banks and other financial institutions have created entire divisions within their business structure to combat this threat. It is critical for all businesses, including Family Offices, to understand the types of risk that are associated with cyber-crime:

  1. Financial Risk: This is the most obvious and most clearly understood risk. If cyber criminals are able to access your accounts, they have access to your money and are able to steal large sums before any flags are raised. Even without direct access to your accounts, they can still pose a significant financial threat if they are able to access personal or sensitive information and therefore able to conduct identity theft or extortion. Extortion is a particularly significant threat within the family office space due to the reputational sensitivity associated with very wealthy families.
  2. Operational Risk: Cyber-crime can cause serious disruptions to normal business operations.

About half of global Ultra-High-Net-Worth family wealth is being managed through Family Offices. It is therefore no surprise then that this sector is receiving increasing attention from opportunistic attackers who are able to exploit both the financial and reputational equity attached to these businesses. With approximately a third of all family offices already being victims of cyber-attacks, there can no longer be any complacency when it comes to information security and data-protection.

Understanding The Risks

Globally, the estimated annual cost of cyber-attacks runs into the trillions of dollars. Some large companies, banks and other financial institutions have created entire divisions within their business structure to combat this threat. It is critical for all businesses, including Family Offices, to understand the types of risk that are associated with cyber-crime:

  1. Financial Risk: This is the most obvious and most clearly understood risk. If cyber criminals are able to access your accounts, they have access to your money and are able to steal large sums before any flags are raised. Even without direct access to your accounts, they can still pose a significant financial threat if they are able to access personal or sensitive information and therefore able to conduct identity theft or extortion. Extortion is a particularly significant threat within the family office space due to the reputational sensitivity associated with very wealthy families.
  2. Operational Risk: Cyber-crime can cause serious disruptions to normal business operations. Cyber incidents like data breaches, email account compromises and malware downloads can result in businesses having to temporarily stop all online activity, including email communication and online financial transactions. On top of all of this, the organization will be subject to an extended forensic investigation.
  3. Reputational Risk: It is hard to quantify the risk associated with reputation. But what we do know is that a company or family’s reputation that has taken years to build can be irreparably damaged by just one cyber incident, with devastating consequences. Cyber criminals know this and use this to their advantage, accessing sensitive business and personal information and sometimes client information with malicious intent to either damage a company’s public image or hold companies to ransom. Companies are often entrusted with personal client information and when client privacy is threatened, trust is eroded and clients are lost. With modern consumers placing more importance on the values and principles that companies and brands stand for, it takes just one personal scandal to cause considerable damage to the public profile of a family business. Reputation may not be easily measured from an equity perspective, but the losses associated with a damaged reputation can be monumental.
  4. Privacy Risk: Wealthy executives and members of very wealthy families are in the public spotlight, their private lives often attracting unwanted attention and interest. With multiple online profiles across social media and networking applications, cyber criminals prey on sensitive information using social platforms to fuel scandalous smear campaigns. There is an even darker side to the privacy risk when cyber criminals use sensitive location data and personal family information with the intent to threaten personal safety.

Understanding the risks associated with cyber-crime should be encouragement enough to place cyber-security high on your business agenda. Having knowledge of how cyber-attacks occur and how they have evolved over time can also assist in sharpening your focus on the right areas.

Tactics Used By Cyber Criminals

Business Email Compromise

Businesses are becoming more frequent victims of BEC scams that target senior executives, finance employees and wealthy individuals who are responsible for online financial transactions. This form of cybercrime entails the compromise of an email account through phishing, email spoofing or keyloggers, allowing fraudsters to impersonate individuals who have the authority to instruct wire transfers. Attackers commonly intercept emails, instructing fund transfer requests to other employees, business partners, your family office or vendors, redirecting the money to a criminal account. Sometimes the email routing is adjusted so that you may never even have visibility of the original mail. You may only realize there is a problem when the money has been lost.

Account Compromise

Cyber criminals commonly attempt to access bank accounts, investments, cryptocurrency, email and other sensitive accounts for financial gain or to use information gained to conduct identity theft. Using phishing, malware and social engineering, attackers are becoming increasingly sophisticated in their methods to access your personal information and money.

Ransomware

This form of cybercrime can be one of the most costly and damaging to a business. Malicious software is often mistakenly downloaded by a recipient of a phishing email and the consequences can be dire with files being encrypted and no longer accessible. This allows attackers to then threaten exposing sensitive information or holding the information until a ransom is paid. Often businesses are left unable to operate or are placed in an extremely vulnerable position if the information has potential financial or reputational impacts.

Gathering Personal Information

Social networking has fast become the preferred communication platform for both individuals and businesses, with sites such as LinkedIn, Facebook, Instagram, Twitter dominating the social media landscape. These platforms pose a significant risk to companies, especially family businesses, with cyber criminals exploiting this space, gathering sensitive information that could have a devastating reputational impact and even compromise the personal safety and security of family members.

Cryptojacking

On a daily basis, new cyber threats emerge, making the malware from yesteryear seem like child’s play. Cryptojacking has recently emerged as one of the most common forms of cybercrime with the majority of remote code execution attacks involving the unauthorized use of other people’s computers to mine cryptocurrency.

Home Networks and Personal Devices

Companies generally recognize the importance of cybersecurity but are very limited in terms of protecting home networks and monitoring personal devices which opens up new opportunities to cybercriminals who can exploit this vulnerability.

It is clear that cyber-attackers are becoming more resourceful, creative and sophisticated in their methods. However, note that in most cases some action is required by a targeted company employee for a cyber attack to be successful. Vigilance through robust governance is key to countering the threat, which brings Family Offices into the spotlight.

Why Cyber-Attackers Target Family Offices

Family Offices are becoming attractive targets for cybercriminals, not just because of the enormous wealth that is under their control but because this business sector has generally underinvested in the necessary information technology to safeguard their information and systems. Additionally, too many family offices do not have a cyber-security policy in place, exposing an overly casual approach towards introducing the right levels of governance appropriate for the wealth that is being managed. Maintaining a strong reputation is always going to be a priority for large family businesses, so this also becomes a lucrative avenue for cybercriminals to exploit.

The underlying reason for Family Offices either underestimating or not prioritizing cyber-security could be due to the common generational gap that exists between family business leaders and a resultant prioritization of more traditional risks versus the emerging risks associated with the modern digital era. Often a family business structure can become quite complex and dispersed due to family and business expansion which can also become a barrier to maintaining good governance.

12 Point Plan For Improving Family Office Cyber Security

Information Security Policies and Procedures are essential and should be regularly reviewed to ensure that they are still adequate and relevant, and that staff are well trained on how to apply these guidelines in their day to day work. Considering the magnitude of the cybercrime threat, and the growing sophistication behind modern cyber attacks, it would make sense to employ a specialist company to audit family office cyber-security requirements and provide recommendations from a people, process and systems perspective. Some specific recommendations to consider:

  1. Use enterprise-grade anti-virus software to keep your devices safe. Consumer-grade anti-virus software is better than nothing but is only effective against 40% of the threats that are out there.
  2. IT system updates and upgrades to be employed across all devices to ensure maximum protection from cyber threats.
  3. Protect your email account by using a strong password and two-factor authentication. If security questions are asked, ensure that they are abstract enough to safeguard your account from hackers who could potentially have access to your personal and family information.
  4. Use an encrypted password manager. This allows you to use more complex passwords that are more difficult to guess.
  5. Use an authentication process for verifying instructions like wire transfers, especially for large amounts.
  6. All emails which include private information such as bank details, credit card numbers etc. to be encrypted.
  7. Off-site backing up of data. Cloud storage offers one of the most optimal solutions for backing up sensitive data. Benefits include remote server location and advanced security algorithms as well as simple retrieval of the required data when necessary.
  8. Regular cyber audits to ensure that confidential information is secure and that all publicly accessible information is scrutinized.
  9. Rules regarding the opening of links or attachments to be clearly stipulated.
  10. Personal and work resources to be separated, with sensitive company information not to be stored on any personal devices or shared publicly through social media.
  11. Company information to only be accessed using prescribed security tools and avoiding access to company networks through unsecured connections like public WiFi.
  12. Considering the potential cost of a cyber attack, it is recommended that family offices take out some form of cyber-insurance.

Take Action Now

As the world of modern business embraces technology and digitization, so too have criminals evolved in their methods to exploit this shift into the online space. The risk associated with cybercrime extends way beyond just financial exposure, especially within the Family Office space where reputation is considered a highly valuable asset. Cyber criminals will look to exploit your vulnerabilties so best be prepared before they strike as there is a high probability that they will. Ensure that all steps are taken to fortify your information security and safeguard your wealth and reputation against this growing threat.

About the Authors

Francois Botha

Simple Founder. Strategy Advisor

Francois believes that the next generation of family leaders need new, simple tools and trusted experts with a fresh outlook.

Connect with Francois Botha View Francois Botha Profile

Read the full article and explore more insights.

Join our community and become a Simple member today.

Not yet a member? Sign up for free and use your preferred social network as a one-click login

Or register using your e-mail address

register new account
Simple solutions for complex times.
Exit mobile version