Cyber risk: Pre- and post-breach tips for family offices
Marc Schein
Tamara M. Stephens
An ominous warning appears on the screen, and your computer is unresponsive. As you realize you’ve just experienced a cyberattack, the next question is obvious: What should I do now?
For affluent families and the family offices that serve them, losing access to data – or becoming the victim of data theft – can be traumatic and expensive. Ransomware attacks surged during 2020, with the number of US attacks doubling in the third quarter, according to cybersecurity firm Check Point Research. The increasing frequency of cyber incidents and the hardening of the cyber insurance market have placed a greater focus on underwriting and cyber risk mitigation.
Changes in the work environment during the pandemic have led to big shifts in how family offices operate. Remote work and reliance on computer networks, the cloud, and mobile devices have put intangible assets at greater risk from cyber threats.
In Marsh Private Client Services’ Family Office Benchmarking Study 2021, cyber threats ranked among clients’ top concerns: 87% cited cyber risks as an area of concern, and 84% cited financial fraud and identity theft. Respondents also noted that this is the area in which they feel least prepared.
These trends are leading more individuals, families, and family offices – which are essentially small businesses themselves – to seek advice on cyber risk, because they often do not have the technological resources of a large organization. Here we explore tips to improve security and help prevent cyber incidents, as well as how to respond after a breach.
Avoiding the ‘Oh no!’ Before a Cyber Incident Occurs
The goal of cyber risk management is to ensure resilience, whether by preventing attacks in the first place or by improving response and recovery afterward. Before an event, families and family offices can take steps to minimize their cyber exposures and learn how to be more resilient.
“High-net-worth individuals and families typically have a larger attack surface, often a function of owning a higher than average number of devices, frequently spread out across multiple homes. Additionally, their common reliance on third parties, such as family employees, who store significant information about family members in email, chat, and other Internet-connected services, also opens another window for bad actors,” said Jordan Arnold, Chief Innovation Officer and global chair of the Private Client Services practice at K2 Integrity. “The more avenues an adversary has to exploit – from connected devices to online accounts that store value, for example – the more work a family has to do to safeguard its members and their assets.”
Steps to mitigate cyber incidents include:
Conducting a global family risk assessment. “Understanding how a family is vulnerable, whether to blackmail driven by a cyberattack, being targeted while traveling, or even a home invasion-style break-in, is critical. Not only do some of these risks present harms from which there can be no recovery, but additionally, the cost of prevention is almost always a fraction of the cost of response and recovery,” Arnold noted. A trusted risk advisor and other subject matter experts can help you identify and assess vulnerabilities in your systems, devices, and online behaviors, including social media.
Optimizing privacy and security settings. Removing or reducing the amount of personal data available online can deprive cybercriminals of a common means of targeting victims.
Practicing good cyber hygiene. As in personal health, good cyber hygiene can keep networks and systems strong and resilient. Recommended practices include:
Keeping software and applications updated;
Enabling encryption on Wi-Fi and segmenting it for different users such as home, guests, contractors, and employees;
Using firewalls and virtual private networks instead of public networks;
Avoiding public chargers;
Maintaining unique passwords and changing them every 30 days;
Using multi-factor authentication; and
Not clicking on links from unknown sources.
Exploring insurance options. For families and individuals, some homeowners policies have expanded to include private network security, though coverage generally is limited. More robust coverage is available through stand-alone cyber policies and can include protection for reputational loss. Policies differ, so it’s best to review options with an experienced risk advisor.
Limiting authorization and access to sensitive data. Determine which family members or family office colleagues are authorized to approve financial transactions and administer accounts. With expert advisors, establish a strong set of internal controls that are difficult or impossible for an individual to circumvent.
Answering the ‘What Now?’ After an Event
Earlier is better when it comes to discovering a problem, so having a plan in place is essential. Certain kinds of cyber events, such as ransomware, announce themselves so that perpetrators can extort payment. Other incidents, including system surveillance, data breaches, and data theft, may go undetected for weeks or months. Whenever the realization occurs, taking steps during the first several hours can make a big difference in victims’ recovery and overall costs related to the incident.
Key steps to take in the immediate aftermath of a cyber incident include:
Act quickly. Notify your cyber insurer and/or risk advisers, who can swiftly activate a panel of expert resources.
Determine the extent of your exposure. A clear understanding is critical to minimize the impact. In addition, preserving data logs can help investigators see how the incident occurred and prevent future ones.
Have the right team in place. Forensic, legal, security, and communications professionals can all play critical roles in the response and recovery. Cyber insurance policies often make such resources available.
Experts note it’s not possible to avoid every type of cyber event. However, a comprehensive response plan, part of which is appropriate cyber insurance, can mean the difference between a devastating loss and an inconvenience. We can provide cyber insurance solutions along with access to select experts who can offer support and cyber risk mitigation and recovery services. For more information, please consult your personal risk advisor.