High Net Worth Families Need a Strategic Plan to Protect Against Cyber Crime

No one is immune to cyber risks. Digital vulnerability is ubiquitous. High net worth families, even those who take precautions against cyber criminal activity, are often unaware of and surprised by how much of their personal information is publicly available. Cyber criminals are increasingly sophisticated at piecing together disparate data points, stealing identities and launching elaborate cyberspace schemes.

HBK Risk Advisory Services recommends high net worth families adopt a strategic plan designed to manage cyber risks by enabling smarter use of digital technology. The plan should consider the multiple sources of cyber criminality and be updated regularly to address emerging threats.

The Internet

Anything connected to the internet can provide access for a cyber criminal. Of course that includes your computers and smart TVs, but don’t forget about other smart devices, like cars and even some refrigerators. Home and office routers are particularly vulnerable when they are employed beyond the date the manufacturer stops issuing software updates. When using a home Wi-Fi network, turn off remote administration features and be sure your router doesn’t appear in your network listing. And for public Wi-Fi, we recommend using a virtual private network (VPN). Smart devices should be password protected and protected with anti-virus software and a firewall, and the software that drives each device should be updated regularly with the provider’s latest security protections.

Family policies

A majority of cyber attacks are by “insiders,” that is, workers providing some type of service to the entity. We suggest that high-net families ensure they have written statements from each vendor or company they work with describing what that company is doing to protect the family from human and technology threats. We recommend regular background checks on vendors’ employees. We also recommend background checks on household and other staff with access to family houses, offices, and resources.

Administrative, technical, and physical controls are required for all cybersecurity frameworks to achieve cybersecurity. Policies must be well drafted and sufficient, and should be reviewed and updated annually.

HBK Risk Advisory Services can assist families with developing cybersecurity policies covering five key areas:

  1. Connected devices: Defines how public Wi-Fi, VPNs, and home routers are used.

  2. Identity protection: Details how the personal identity of each family member is being protected and includes credit monitoring.

  3. Social media: Describes how to protect the physical security of the family, maintain private information, and protect the image and reputation of the family and business.

  4. Passwords: Sets reasonable standards for developing and regularly changing device passwords.

  5. Payment-authorization: Details how payments are approved and how to protect against unauthorized wire transfers and other fraudulent requests for payments.

Family policies need to be set, then reviewed on a regular basis. Keeping everyone current on and attentive to the policies that have been set is critical to protecting the individuals, family, and business from cyber attacks. One oversight can spell disaster.

Using technology

While protecting yourself from technology, HBK Risk Advisory also recommends the use of technological tools for protection. Key measures include:

  • Data backups: Includes multiple backups of the family office server, smartphones, tablets, and laptops to protect against viruses and ransomware.
  • Encryption: Financial information sent to external vendors, such as accountants and attorneys, can be protected by using secure document storage, which can provide an authorized user access to a particular document or folder, or encrypted email tools to secure the emails.
  • Response: A comprehensive cyber security strategy includes identifying how to respond to a crisis, including forensic cyber services when a hack happens. The plan should address such potentialities as lost phones or laptops, how to respond to phishing emails and phone calls, and how to handle a ransomware event, hacked emails, and network intrusions.

Cyber insurance coverage can be tailored to your family’s needs. Any policy should include at a minimum coverage for breach response, cyber extortion, network interruption, and data restoration costs. HBK Risk Advisory Services can help you assess your cyber insurance coverage and suggest changes.

Cybersecurity can be a complex and technically challenging initiative. Protection requires an intelligent, comprehensive plan designed to meet the specific needs of a high-net-worth individual, family, and business. The plan needs to be thoroughly and meticulously implemented, then monitored regularly to ensure its continued effectiveness against increasingly sophisticated and constantly changing cyber-criminal activities.

About the Author(s)
Bill Heaven is a senior director in HBK’s IT Department. He specializes in cybersecurity, IT security, external IT audit, internal IT audit, IT consulting, software development, IT governance, PCI-DSS, supply chain, system implementations, and e-commerce. You can reach Bill at 330.758.8613, or by email at wheaven@hbkcpa.com.
Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.