“Situational awareness” means having a thorough understanding of one’s environment and the ability to interpret and respond to any current and future threats. “Cyber situational awareness” applies these same principles of readiness to an understanding of one’s digital footprint.
Creating cyber situational awareness in a family office can help ensure that risks are identified and mitigated in an efficient and proactive manner.
Ad A
The increasing vulnerability of our sensitive personal information and intellectual property makes it critical to understand the intersection of cyber threats and potential risks for individuals, that is, to understand one’s own cyber situational awareness. This understanding is especially critical for families with significant wealth looking to protect their assets, and ultimately, their legacy.
Outlined below are some key principles individuals and family offices should consider in order to improve their situational awareness:
PRIVACY PROTECTION
The sensitive nature and volume of our private information makes it all the more vulnerable to data breaches. Additionally, people are sharing that information using social media and public cloud services with increasing frequency and with little security or controls regarding its use.
Ad B
The inherent risks in these activities can impact a family’s privacy and reputation, and should be guided by an acceptable-use policy, and protected by nondisclosure agreements. The introduction of such protocols can help reduce information-disclosure risk and diminish current and future attack exposure.
DIGITAL FOOTPRINT REVIEW
Understanding the technology in use, as well as the risks associated with these devices and services, creates a strong framework to build upon. A thorough review can highlight items such as multiple homes, travel, accounts and services that open up additional avenues for attackers to gain access to private information and exploit known and potentially unknown vulnerabilities.
ELECTRONIC INFORMATION INVENTORY
Following the recommended digital footprint review, clients and their families should meet with cyber-risk advisors to review how and where their sensitive electronic data is stored, and how that data is transmitted, accessed and managed.
A formal information access control policy is also recommended to ensure that information is appropriately secure, available only to those who need it and, in an emergency, accessible only by authorized parties.
INCIDENT RESPONSE AND MANAGEMENT
A real and growing concern for families is what to do in the event of a financial fraud incident, “ransomware” event or other cyber attack. In the event of an incident, a well-prepared family office will have easy access to cyber, fraud and forensic experts to help identify the point of breach, mitigate impacts and prevent any recurrence.
This preparation enables families to navigate the dynamic threat landscape, with proper guidance and peace of mind in moments of crisis.
REPUTATION PROTECTION
Social media profiles and digitally available information on the public internet or dark web may expose clients to reputational damage and other risks, such as identity theft. Open source intelligence managed by a cyber advisor can be leveraged by families to identify potentially detrimental situations early on, helping to minimize the likelihood of reputational damage.
EDUCATION AND GUIDANCE
Security awareness training for clients, family members and employees is an important but often missed aspect of risk management. Everyone should understand current threats and how risks can be mitigated, transferred or eliminated. Ongoing guidance from a cyber-risk advisor can provide critical benefits, such as notifications of new threats, assistance in onboarding new employees and up-to-date training materials about policies and best practices.
Creating cyber situational awareness in a family office can help ensure that risks are identified and mitigated in an efficient and proactive manner. With the requisite oversight and governance strategies in place, you can find comfort in navigating the path to protecting your sensitive data and reputation.
This article was originally published in the June/July 2016 issue of Worth.
