Sun, Jan 20, 2019
A A A
Welcome Guest
Free Trial RSS
Get FREE trial access to our award winning publications
Horizons: Family Office & Investor Magazine

Managing Online Risks to Family Offices

Tuesday, November 27, 2018

By Bailey McCann

Family offices have a higher profile than ever before. The rise of social media, along with the expectation that businesses have an online presence means families have to navigate a growing risk landscape. Security studies routinely show that cybercriminals, identity thieves and burglars follow families, family members and employees online to try and get access to assets or information.

An increasing connection between online stalking and physical violence adds yet another potential layer of danger for individuals. As a result, families are rethinking how they manage what is posted online and crafting policies designed to protect individuals and employees.

Prevention, Policies & Monitoring

“Those of us who work with families have really shifted how we talk and think about online risk,” says Patricia Soldano, a family office consultant based in California. “Michelle Jordan who has done work in this area calls it ‘reputation responsibility’ - and it really involves being proactive about risk prevention, but also putting a policy in place that outlines how information is shared as well as response plans in the event of an incident.”

Thinking of your online presence as a responsibility instead of just another issue to be managed can help family members young and old alike take their inter- actions a little more seriously. Making it a responsibility to administer devices like cell phones and computers such that they are always running current software and have current security patches also limits potential vulnerability.

Jordan Arnold, who heads K2 Intelligence’s Private Client Ser- vices, Strategic Risk and Security practices, works with families on creating these policies as well as managing devices and incident response. K2 Intelligence was founded by the Kroll family, the originators of modern corporate investigations. Arnold says families have finally started to understand that prevention is much easier than dealing with the potentially permanent harm of an irresponsible post on social media or opening an attachment without checking if its real.

“The issue is when it comes to online incidents, the damage is permanent. It is very hard to remove information once it’s out there. You can delete a post but someone could have taken a screenshot. Or, if you have poor online security, it’s like leaving the door open,” he says.

Avoid real-time posts

Arnold adds that the best way to understand the risk is to think of your digital life as a footprint. “We advise families, for example, to post on a delay. If you post real-time from where you are you are creating effectively two risks. You’ve created a physical risk wherever you’ve posted from and an asset risk at your home or business because adversaries now understand you aren’t there.” Even when individuals post on a delay, they shouldn’t include overly specific locations or identifying details. That could mean anything from hotel rooms to the interior of offices. It’s one thing if an online lurker knows you’re in Paris, it’s another thing if they know at which hotel. Similarly, online adversaries that are looking for business information may be able to take away key bits of intelligence from what’s in an image of an office, conference room or other work areas.

“You might think a picture looks totally innocuous but you have to think about all the information that is in that image,” Arnold says. As part of its risk management practice for families, K2 Intelligence monitors databases of stolen information for details about their clients. A whopping 40-60 percent of those families have had information on one or more of those databases. “You don’t necessarily have to hack someone to get personal information anymore,” he notes. “It’s often about what individuals freely give up without thinking about it.” This is where changing mindsets around what goes online is a key part of prevention. Basic cybersecurity training, crafting online policies and implementing solid monitoring tools also help.

Focus on the whole organization

Timothy Lappen, founder and chairman of the family office and luxury homes groups at Jeffer Mangels Butler & Mitchell LLP, says its important to be realis- tic about what people are willing to do in the name of security. “You can implement all the best systems in the world, but if they aren’t easy to use they are going to fail,” he says. “In some cases, the response is well, we just won’t be online because the risks are too great. But, that’s not realistic in this day and age.”

Lappen suggests that getting cybersecurity insurance can be a helpful safety net if situations arise. Cybersecurity policies can insure devices, business activities and other online transactions provided that the family completes a risk audit with the insurer. If a compromise occurs the insurance policy can help recover lost or stolen data as well as covering the cost of security response. However, coverage can be denied if insurers find that organizations weren’t staying on top of best practices for information sharing and cybersecurity.

Most enterprises monitor activity internally in an effort to prevent activities that might trigger an insurance claim or security response. This practice is growing in family offices as well. Monitoring what people are doing online within the organization can be fraught - especially for families - but it can also prevent violence and insider threats. Security consulting firm Hillard Heintze works with companies and families to monitor how family members and employees are interacting online. In one case study, an employee set off an internal security trigger by posting about another employee on Facebook. The post suggested the potential for violence. Hillard Heintze worked with the organization as well as law enforcement to indentify the people involved and craft a response plan. Parties were able to come together and prevent violence by temporarily reassigning the employee under threat and ending employment with the person who made the threat. Without strong monitoring, the situation may have unfolded differently.

Kids can be but aren’t necessarily the weak link

Many parents also strictly limit screen time for their children or refuse to let them have their own devices. That can work at a young age, but it gets harder as kids age and more of daily life and indeed school- work must be completed online. Complex security procedures can also be hard for adults to stick to if they are in a hurry or think they know better. Patricia Saldano notes that it’s not always the kids that are the weak link when it comes to being online.

“I work with a lot of young people and I’m seeing more of them that aren’t online or on social media that much or they were on it and ended up leaving it. They tend to be more aware of the potential risks compared to older people, who see it as a way of staying in touch,” she explains. “Anecdotally, I see more older people on social media and they seem to have varying degrees of understanding about what it all means.”

By working with a risk team that includes cyber- security professionals, lawyers, insurers and crisis communications firms families can create a barrier of protection from online adversaries. Prevention is critical, once something is online or information is compromised it becomes very difficult to remove it. All members of the family and employees should know what the policies are and also have a working understanding of the risks of social media and other online transactions. Creating a device program can also help ensure that up-to-date software is present throughout the organization. Finally, a strong monitoring process can help ensure a rapid response if a compromise does occur.

 
Today's Exclusives Today's Other Voices More Exclusives
Previous Opalesque Exclusives                                  
More Other Voices
Previous Other Voices                                               
Access Alternative Market Briefing


  • Top Forwarded
  • Top Tracked
  • Top Searched
  1. Gundlach's Forecast for 2019[more]

    Jeffrey Gundlach said that 2019 will mark the start of a period when bond markets must recon with the rising federal deficit. In his most passionate comments ever on this topic, he said the exploding national debt and liabilities involving pension funds, state and local government governments and So

  2. Institutional Investors: Texas Teachers allocates $1.9bn to 12 strategies, $53.6bn LGPS asset pool readies double global equity launch, The rise of co-investment SPVs for institutional investors, Wisconsin commits $500m to alternatives[more]

    Texas Teachers allocates $1.9bn to 12 strategies From PIonline.com: Texas Teachers Retirement System, Austin, committed a total of $1.871 billion to 12 private market investment strategies managed by existing managers, a transaction report showed. The biggest move by investment officers o

  3. News Briefs: The Jeff Bezos divorce: $136bn and Amazon in the middle, Bridgewater Associates partners with consulting firm, Cyprus no longer Mediterranean haven for Russian businesses, Goldman Sachs on course to launch cash management in mid-2020[more]

    The Jeff Bezos divorce: $136bn and Amazon in the middle From Mint: The announcement by Amazon founder Jeff Bezos, the world's wealthiest man, and his wife that they will divorce has captivated the imagination -- how will they split his giant fortune, estimated at $136 billion? And what wi

  4. Institutional Investors: Institutional investors plot large property allocations, Qatar Investment Authority aims to reach $45bn in U.S. investments, Louisiana Teachers assigns $200m, SoftBank move to slash WeWork investment sends shockwaves[more]

    Institutional investors plot large property allocations From FT: Institutional investors plan to make large allocations to property in 2019, taking them closer to their desired targets. At least €72.4bn of new capital is expected to flow into real estate this year, according to a

  5. Legal: Attorney sues after Tampa hedge fund goes under, Hedge funds showing increased interest in litigation claims, Argentina sued again by hedge fund on bonds tied to GDP growth[more]

    Attorney sues after Tampa hedge fund goes under A Tampa hedge fund company may be in legal trouble after the firm that was holding its money was sued by a lawyer who claimed "gross negligence" caused the fund to lose tens of millions of dollars. James Cordier, the head of optionseller