Family offices: Have you locked your virtual front door but left the side window open?

In my discussions with family offices I often compare cyber security to physical security. I ask my clients to consider whether they have deadbolted the front door but inadvertently left a side window open. This analogy resonates because, in my experience, the weakest link in cyber security, as with personal security, is almost always human error, i.e. someone leaving the office's virtual side window open. Cyber criminals, like burglars, are opportunistic and will get in wherever they can.


Family offices can think that because they have few employees and are under the radar, they won’t be targets for cyber attacks. Clients say that they had controls and systems for mitigating risk in the family business which now seem overkill for the family office. Understandably, with fewer staff they want to operate in a more relaxed environment with less process. However, in my experience, this can make them more vulnerable to cyber attackers, who are becoming increasingly sophisticated.


In fact, many of my family office clients have a ‘there but for the grace of God go I’ story about cyber security. Some relate to systems, but more often they relate to human error. I’ve heard stories about narrowly avoiding making a large payment to a supplier who was a fraudster; family members clicking on malware links and exposing the family office systems to attack; and countless examples of shared passwords.


Recognising this desire by family offices to keep things simple, cost effective and secure, here are some fundamentals that I’d recommend doing now.


  1. Have 3 separate email accounts, each with a dedicated purpose

Email compromise is the biggest threat as it’s the easiest way for cyber attacks to happen. Most of us have a number of email accounts which we use for different purposes. View these accounts as you would your personal and business credit cards, and use them as carefully.


I’d advise using your work email only for work purposes. This is the account which should be subject to the tightest controls put in place by your IT manager and therefore the ‘safest’. Your main personal account should be used for shopping, travel and expenses. Finally, I’d recommend a second personal account that you can use for signing up for discounts, mailing lists, etc., and which is the least secure. Segregating your emails this way should help when you are busy and less alert to possible malware links.


  2. Adopt a naming protocol for passwords

This is something that I’ve learnt from our cyber experts and which I’d recommend to anyone. Creating a naming convention for every password you create will make your passwords safer and also memorable, e.g. a reference to the site name or application function + number + symbol + letters. It also goes without saying that you shouldn’t share your passwords or write them down.


  3. Set up separate wifi networks for the business and for visitors

Only allowing the family members and family office employees to use the main/primary wifi will make this system a lot more secure. Setting up a separate wifi network for visitors, contractors and even your kids’ friends to use will reduce the opportunity for malware to be introduced by people who are less alert to the risks of e.g. opening email attachments.


These are just 3 things that I’d recommend as a minimum. My colleague John Boles has written an article that suggests some more ways for families to be cyber secure. Check it out here.

Great insights. Another reason to keep business/work very separate from personal credentials and communications.
