Thu, Apr 18, 2024
A A A
Welcome Guest
Free Trial RSS pod
Get FREE trial access to our award winning publications
Horizons: Family Office & Investor Magazine

Managing Online Risks to Family Offices

Tuesday, November 27, 2018

By Bailey McCann

Family offices have a higher profile than ever before. The rise of social media, along with the expectation that businesses have an online presence means families have to navigate a growing risk landscape. Security studies routinely show that cybercriminals, identity thieves and burglars follow families, family members and employees online to try and get access to assets or information.

An increasing connection between online stalking and physical violence adds yet another potential layer of danger for individuals. As a result, families are rethinking how they manage what is posted online and crafting policies designed to protect individuals and employees.

Prevention, Policies & Monitoring

“Those of us who work with families have really shifted how we talk and think about online risk,” says Patricia Soldano, a family office consultant based in California. “Michelle Jordan who has done work in this area calls it ‘reputation responsibility’ - and it really involves being proactive about risk prevention, but also putting a policy in place that outlines how information is shared as well as response plans in the event of an incident.”

Thinking of your online presence as a responsibility instead of just another issue to be managed can help family members young and old alike take their inter- actions a little more seriously. Making it a responsibility to administer devices like cell phones and computers such that they are always running current software and have current security patches also limits potential vulnerability.

Jordan Arnold, who heads K2 Intelligence’s Private Client Ser- vices, Strategic Risk and Security practices, works with families on creating these policies as well as managing devices and incident response. K2 Intelligence was founded by the Kroll family, the originators of modern corporate investigations. Arnold says families have finally started to understand that prevention is much easier than dealing with the potentially permanent harm of an irresponsible post on social media or opening an attachment without checking if its real.

“The issue is when it comes to online incidents, the damage is permanent. It is very hard to remove information once it’s out there. You can delete a post but someone could have taken a screenshot. Or, if you have poor online security, it’s like leaving the door open,” he says.

Avoid real-time posts

Arnold adds that the best way to understand the risk is to think of your digital life as a footprint. “We advise families, for example, to post on a delay. If you post real-time from where you are you are creating effectively two risks. You’ve created a physical risk wherever you’ve posted from and an asset risk at your home or business because adversaries now understand you aren’t there.” Even when individuals post on a delay, they shouldn’t include overly specific locations or identifying details. That could mean anything from hotel rooms to the interior of offices. It’s one thing if an online lurker knows you’re in Paris, it’s another thing if they know at which hotel. Similarly, online adversaries that are looking for business information may be able to take away key bits of intelligence from what’s in an image of an office, conference room or other work areas.

“You might think a picture looks totally innocuous but you have to think about all the information that is in that image,” Arnold says. As part of its risk management practice for families, K2 Intelligence monitors databases of stolen information for details about their clients. A whopping 40-60 percent of those families have had information on one or more of those databases. “You don’t necessarily have to hack someone to get personal information anymore,” he notes. “It’s often about what individuals freely give up without thinking about it.” This is where changing mindsets around what goes online is a key part of prevention. Basic cybersecurity training, crafting online policies and implementing solid monitoring tools also help.

Focus on the whole organization

Timothy Lappen, founder and chairman of the family office and luxury homes groups at Jeffer Mangels Butler & Mitchell LLP, says its important to be realis- tic about what people are willing to do in the name of security. “You can implement all the best systems in the world, but if they aren’t easy to use they are going to fail,” he says. “In some cases, the response is well, we just won’t be online because the risks are too great. But, that’s not realistic in this day and age.”

Lappen suggests that getting cybersecurity insurance can be a helpful safety net if situations arise. Cybersecurity policies can insure devices, business activities and other online transactions provided that the family completes a risk audit with the insurer. If a compromise occurs the insurance policy can help recover lost or stolen data as well as covering the cost of security response. However, coverage can be denied if insurers find that organizations weren’t staying on top of best practices for information sharing and cybersecurity.

Most enterprises monitor activity internally in an effort to prevent activities that might trigger an insurance claim or security response. This practice is growing in family offices as well. Monitoring what people are doing online within the organization can be fraught - especially for families - but it can also prevent violence and insider threats. Security consulting firm Hillard Heintze works with companies and families to monitor how family members and employees are interacting online. In one case study, an employee set off an internal security trigger by posting about another employee on Facebook. The post suggested the potential for violence. Hillard Heintze worked with the organization as well as law enforcement to indentify the people involved and craft a response plan. Parties were able to come together and prevent violence by temporarily reassigning the employee under threat and ending employment with the person who made the threat. Without strong monitoring, the situation may have unfolded differently.

Kids can be but aren’t necessarily the weak link

Many parents also strictly limit screen time for their children or refuse to let them have their own devices. That can work at a young age, but it gets harder as kids age and more of daily life and indeed school- work must be completed online. Complex security procedures can also be hard for adults to stick to if they are in a hurry or think they know better. Patricia Saldano notes that it’s not always the kids that are the weak link when it comes to being online.

“I work with a lot of young people and I’m seeing more of them that aren’t online or on social media that much or they were on it and ended up leaving it. They tend to be more aware of the potential risks compared to older people, who see it as a way of staying in touch,” she explains. “Anecdotally, I see more older people on social media and they seem to have varying degrees of understanding about what it all means.”

By working with a risk team that includes cyber- security professionals, lawyers, insurers and crisis communications firms families can create a barrier of protection from online adversaries. Prevention is critical, once something is online or information is compromised it becomes very difficult to remove it. All members of the family and employees should know what the policies are and also have a working understanding of the risks of social media and other online transactions. Creating a device program can also help ensure that up-to-date software is present throughout the organization. Finally, a strong monitoring process can help ensure a rapid response if a compromise does occur.

 
Previous Opalesque Exclusives                                  
Previous Other Voices                                               
Access Alternative Market Briefing


  • Top Forwarded
  • Top Tracked
  • Top Searched
  1. KKR raises $6.4bn for the largest pan-Asia infrastructure fund[more]

    Laxman Pai, Opalesque Asia: The New York-based global investment firm KKR has raised a record $6.4bn for its second Asia-focused infrastructure fund, underlining investors' continued appetite for private markets. According to a media release from the alternative assets manager, the figure top

  2. Bucking the trend, top hedge fund makes plans for a second SPAC[more]

    From Institutional Investor: SPACs aren't dead. At least not to the folks at Cormorant Asset Management. The life sciences firm, whose hedge fund topped its peers in 2023, is confident it will match the success of its first blank-check company. Last week, the life sciences and biopharma speciali

  3. Benefit Street Partners closes fifth fund on $4.7 billion[more]

    Bailey McCann, Opalesque New York: Benefit Street Partners has closed its fifth flagship direct lending vehicle, BSP Debt Fund V, with $4.7 billion of investable capital across the strategy. Benefit Street invests primarily in privately originated, floating rate, senior secured loans. The fun

  4. 4 hedge fund themes that are working in 2024[more]

    From The Street: A poor earnings report from Tesla (TSLA) has not hurt the indexes on Thursday. The decline in Tesla stock, which is losing its position in the Magnificent Seven pantheon, is more than offset by strong earnings from IBM (IBM) and ServiceNow (NOW) . In addition, the much higher-t

  5. Opalesque Exclusive: A global macro fund eyes opportunities in bonds[more]

    Bailey McCann, Opalesque New York for New Managers: Munich-based ThirdYear Capital rebounded in 2023, following a tough year for global macro. The firm's flagship ART Global Macro strategy finished the year up 1

Click here for More about Opalesque Tracking
- A new, unique Premium Service -
  1. kedge
  2. marshall
  3. schonfeld
  4. brevan
  5. point72
  1. mortgage fund
  2. morgan stanley
  3. Mark
  4. new fund launch
  5. Moore Emerging Markets