As Family Capital has written about before, family offices are more vulnerable to cyber crime than many other financial groups, but what can they do to make themselves less vulnerable? A new report outlines a number of good practices for family offices in this area. Given their potential vulnerabilities, the report is probably worth reading.
Citi Private Bank reckons cyber crime is a growing threat to family offices and that they need to do more to protect themselves against it. In its report, entitled Family Offices and Cybersecurity, the bank says a more comprehensive approach from family offices and their staff is needed if they are to avoid becoming victims of cyber crime. And much of this approach should be aimed at the family office’s staff.
“People are often the weakest link in the information security system for a family office,” says the report. “The level of awareness of information security threats and the proper ways to combat them has great variability. Therefore, cyber security education should be a key part of family planning and business operations meetings.”
The report adds: “The best defensive technology in the world doesn’t protect you from your weakest link — the people that use it. Security policies and training from the board room to the break room are imperative to any risk mitigation plan.”
Citi recommends family offices create a number of “family office cyber security policies”. These policies should include recommendations on how to prevent cyber attacks and what to do in case a breach is detected. They should be updated regularly and family office teams should regularly certify that all members (including the principal) understand the policies and procedures.
Also, blurring the line between personal and corporate devices, as often happens, shouldn’t be encouraged. The report says: “Ensure you access corporate data using only those security tools implemented by your organization. Do not circumvent these tools by using webmail or connecting to the corporate network outside of a secure connection. Do not store sensitive corporate information on personal devices. Whenever possible, promote separation between resources used for work and personal matters.”
The report also recommends family offices consider cyber insurance. “Insurance, at its core, is a risk management tool, and with an evolving threat stemming from information security, cyber insurance presents an opportunity for family offices to evaluate gaps and build customized solutions,” the report says.
Family offices should also actively encourage cyber security due diligence on external suppliers, vendors and staff, the report says.
The report also recommends that family offices talk to other family offices and share intelligence on the issue of cyber security. “As increasingly sophisticated cyber criminals take greater aim at high net worth family offices, building a collective and proactive self-defense, based on sharing cyber threat information and best practices across family offices, should be foundational for any family office business operation,” says the report.