Fri, Apr 3, 2020
A A A
Welcome Guest
Free Trial RSS
Get FREE trial access to our award winning publications
Horizons: Family Office & Investor Magazine

Managing Online Risks to Family Offices

Tuesday, November 27, 2018

By Bailey McCann

Family offices have a higher profile than ever before. The rise of social media, along with the expectation that businesses have an online presence means families have to navigate a growing risk landscape. Security studies routinely show that cybercriminals, identity thieves and burglars follow families, family members and employees online to try and get access to assets or information.

An increasing connection between online stalking and physical violence adds yet another potential layer of danger for individuals. As a result, families are rethinking how they manage what is posted online and crafting policies designed to protect individuals and employees.

Prevention, Policies & Monitoring

“Those of us who work with families have really shifted how we talk and think about online risk,” says Patricia Soldano, a family office consultant based in California. “Michelle Jordan who has done work in this area calls it ‘reputation responsibility’ - and it really involves being proactive about risk prevention, but also putting a policy in place that outlines how information is shared as well as response plans in the event of an incident.”

Thinking of your online presence as a responsibility instead of just another issue to be managed can help family members young and old alike take their inter- actions a little more seriously. Making it a responsibility to administer devices like cell phones and computers such that they are always running current software and have current security patches also limits potential vulnerability.

Jordan Arnold, who heads K2 Intelligence’s Private Client Ser- vices, Strategic Risk and Security practices, works with families on creating these policies as well as managing devices and incident response. K2 Intelligence was founded by the Kroll family, the originators of modern corporate investigations. Arnold says families have finally started to understand that prevention is much easier than dealing with the potentially permanent harm of an irresponsible post on social media or opening an attachment without checking if its real.

“The issue is when it comes to online incidents, the damage is permanent. It is very hard to remove information once it’s out there. You can delete a post but someone could have taken a screenshot. Or, if you have poor online security, it’s like leaving the door open,” he says.

Avoid real-time posts

Arnold adds that the best way to understand the risk is to think of your digital life as a footprint. “We advise families, for example, to post on a delay. If you post real-time from where you are you are creating effectively two risks. You’ve created a physical risk wherever you’ve posted from and an asset risk at your home or business because adversaries now understand you aren’t there.” Even when individuals post on a delay, they shouldn’t include overly specific locations or identifying details. That could mean anything from hotel rooms to the interior of offices. It’s one thing if an online lurker knows you’re in Paris, it’s another thing if they know at which hotel. Similarly, online adversaries that are looking for business information may be able to take away key bits of intelligence from what’s in an image of an office, conference room or other work areas.

“You might think a picture looks totally innocuous but you have to think about all the information that is in that image,” Arnold says. As part of its risk management practice for families, K2 Intelligence monitors databases of stolen information for details about their clients. A whopping 40-60 percent of those families have had information on one or more of those databases. “You don’t necessarily have to hack someone to get personal information anymore,” he notes. “It’s often about what individuals freely give up without thinking about it.” This is where changing mindsets around what goes online is a key part of prevention. Basic cybersecurity training, crafting online policies and implementing solid monitoring tools also help.

Focus on the whole organization

Timothy Lappen, founder and chairman of the family office and luxury homes groups at Jeffer Mangels Butler & Mitchell LLP, says its important to be realis- tic about what people are willing to do in the name of security. “You can implement all the best systems in the world, but if they aren’t easy to use they are going to fail,” he says. “In some cases, the response is well, we just won’t be online because the risks are too great. But, that’s not realistic in this day and age.”

Lappen suggests that getting cybersecurity insurance can be a helpful safety net if situations arise. Cybersecurity policies can insure devices, business activities and other online transactions provided that the family completes a risk audit with the insurer. If a compromise occurs the insurance policy can help recover lost or stolen data as well as covering the cost of security response. However, coverage can be denied if insurers find that organizations weren’t staying on top of best practices for information sharing and cybersecurity.

Most enterprises monitor activity internally in an effort to prevent activities that might trigger an insurance claim or security response. This practice is growing in family offices as well. Monitoring what people are doing online within the organization can be fraught - especially for families - but it can also prevent violence and insider threats. Security consulting firm Hillard Heintze works with companies and families to monitor how family members and employees are interacting online. In one case study, an employee set off an internal security trigger by posting about another employee on Facebook. The post suggested the potential for violence. Hillard Heintze worked with the organization as well as law enforcement to indentify the people involved and craft a response plan. Parties were able to come together and prevent violence by temporarily reassigning the employee under threat and ending employment with the person who made the threat. Without strong monitoring, the situation may have unfolded differently.

Kids can be but aren’t necessarily the weak link

Many parents also strictly limit screen time for their children or refuse to let them have their own devices. That can work at a young age, but it gets harder as kids age and more of daily life and indeed school- work must be completed online. Complex security procedures can also be hard for adults to stick to if they are in a hurry or think they know better. Patricia Saldano notes that it’s not always the kids that are the weak link when it comes to being online.

“I work with a lot of young people and I’m seeing more of them that aren’t online or on social media that much or they were on it and ended up leaving it. They tend to be more aware of the potential risks compared to older people, who see it as a way of staying in touch,” she explains. “Anecdotally, I see more older people on social media and they seem to have varying degrees of understanding about what it all means.”

By working with a risk team that includes cyber- security professionals, lawyers, insurers and crisis communications firms families can create a barrier of protection from online adversaries. Prevention is critical, once something is online or information is compromised it becomes very difficult to remove it. All members of the family and employees should know what the policies are and also have a working understanding of the risks of social media and other online transactions. Creating a device program can also help ensure that up-to-date software is present throughout the organization. Finally, a strong monitoring process can help ensure a rapid response if a compromise does occur.

 
Today's Exclusives Today's Other Voices More Exclusives
Previous Opalesque Exclusives                                  
More Other Voices
Previous Other Voices                                               
Access Alternative Market Briefing


  • Top Forwarded
  • Top Tracked
  • Top Searched
  1. Investing: Ray Dalio's Bridgewater scales down European short bets after $3.2bn windfall, Here's what top hedge funds are buying in the coronavirus stock market crash[more]

    Ray Dalio's Bridgewater scales down European short bets after $3.2bn windfall From Financial News: Bridgewater Associates, the world's biggest hedge fund, has retreated from shorting European stocks after making an estimated €2.9bn ($3.2bn), as its founder and co-chairman Ray Dalio c

  2. Bill Ackman writes letter to shareholders on coronavirus[more]

    Pershing Square Holdings (PSH)'s Bill Ackman wrote a letter to investors outlining his insight on the coronavirus pandemic in the United States. He revealed that PSH completed the process of exiting the hedges on 23 March, netting a gross $2.1bn for PSH, after turning 'increasingly positive on equit

  3. New Launches: LGPS Central sets up investment grade bond fund, Leeds Equity Advisors aims to raise $1bn for PE fund, RLI Investors to launch European last-mile logistics fund, DBL Partners IV targets $450m[more]

    LGPS Central sets up investment grade bond fund From IPE: LGPS Central, the asset pooling vehicle for eight local government pension schemes (LGPS) based in England's Midlands, has launched a global investment grade corporate bond fund in order to meet its partner funds' needs. The po

  4. Investing: Marathon sees cheap assets amid dislocation in credit, Deerfield's health care buying spree, It's time to buy shares again, says BlackRock, Credit Suisse, Fed is buying credit ETFs but one hedge fund is shorting them[more]

    Marathon sees cheap assets amid dislocation in credit From Bloomberg: Distressed-investment specialist Marathon Asset Management is buying beaten-up debt amid the greatest dislocation in credit markets since 2008, according to Bruce Richards, co-founder and chief investment officer of the

  5. People: Carlyle picks 2 deputy heads for Japan buyout advisory team, Ex-Kleinwort Hambros adviser takes senior role at multi-family office boutique[more]

    Carlyle picks 2 deputy heads for Japan buyout advisory team From PIonline.com: Takaomi Tomioka and Hiroyuki Otsuka were named deputy heads of the Japan buyout advisory team at Carlyle Group. The positions are new, confirmed a spokeswoman for the New York-based private markets investment g