What steps should family offices take to protect cybersecurity at a time when family and non-family members are working from home? Coping with a biological virus can actually increase the risks of falling victim to digital ones. This article sets out some pointers.
When people work remotely – as more are because of COVID-19 – cybersecurity risks increase. And that’s particularly important for people working with large blocks of money, as is the case with family offices. Single family offices and even some multi-family offices, aren’t traditionally noted for large spending on security. Smaller FOs may lack the resources to handle security in-house, explaining why they turn to outsourced solutions. As this news service has been told in recent years, family offices can be fazed by the choices they have to make, and which “experts” to follow.
To try and walk readers through some of the issues in play is John Manganiello, head of business development, RFA. The US-based organisation is an IT, financial cloud and cyber-security services provider to the investment management sector.
At the onset of COVID-19, businesses were faced with the very real prospect of moving their entire workforce to a remote working environment, in a very short space of time. For many, this prospect was an entirely novel reality, with the majority of staff primarily based in offices before the pandemic. While successfully implemented by many, this move threw up a number of operational challenges and heightened cybersecurity risks that continue to persist today.
For family offices, in particular, this has been an historic change in the corporate environment. Despite modern technology allowing remote working to flourish, it is essential to carefully consider how the family members interact with each other, the office, and other critical parties. Taking a holistic view of the family office through the lens of cybersecurity, the primary concern is always about privacy and the control of data and information.
Threats from all directions
Very few companies would ever have thought that they would need to move to a model where 100 per cent of their staff worked remotely. As a result, remote platforms were not designed or configured with licensing accordingly. So, in moving to a remote working environment, smaller companies, such as family offices, were not nearly as adept at making the change quickly, making them more susceptible to cyberattacks.
Increased remote work has resulted in hackers taking advantage of cybersecurity vulnerabilities caused by widespread telecommuting, increased pressure on IT teams, users bypassing standard cybersecurity practices, and remote administration of critical information. Increased phishing and malicious content are on the rise while malicious sites and business email compromise attempts linked to the pandemic are also increasing in prevalence and many family offices do not have the proper email security and training protocols to prevent phishing and BEC scams. Once hackers get into your network, they can be there for weeks, even months, monitoring communications to access confidential information. This even extends to employees’ social media accounts, which hackers can hijack for use in social engineering schemes.
Data theft has also risen significantly, with hackers using data for extortion, disruptive or destructive ransomware attacks, a type of malware that threatens to publish a victim’s data, sell to the dark web or perpetually block access to it unless a ransom is paid. Ransomware attacks increased over 25 per cent in the first quarter of 2020 alone, costing businesses, on average, $1.4 million to recover.
This highly conducive environment to cyber threats means that it is more pressing than ever to develop control structures and processes that create a protective stance and readiness to respond to threats of all shapes and sizes.
Remote working challenges:
There are several key challenges surrounding remote working, namely insufficient remote access solutions capacity, secure home networks and personal devices, extended corporate security controls to home offices, sharing data securely with third parties, and secure collaboration and communication.
In the family office space, something that has been front and centre during the pandemic is that the work culture has changed. An office of 20 has suddenly transformed into 20 different satellite offices, where individuals are no longer protected behind the corporate controls and firewalls. Firms then need to consider how everyone is accessing confidential information. Is it through a corporate or personal device? If the latter, are there any controls in place? When someone logs into their email or accesses sensitive information from a cloud-based device like SharePoint, Google Drive, or DropBox, problems can start to arise. It’s essential from the outset that family offices understand how the devices staff are using for remote working are controlled and how the data is protected.