Partner Content

How do I guard against cybercrime in my family office?

© iStock

In the current environment of rampant cyber-attacks and fraudulent schemes, high net worth individuals and their family offices are prime targets. Identity theft is also a growing issue. It can take years and hundreds of thousands of dollars in professional fees to repair the damage to reputations and credit reports. Security measures should be ingrained into your daily life and extend to all of your employees, especially those in your family office.

Family offices in particular must be vigilant to prevent cyber-attacks. Every cell phone, tablet and computer presents an opportunity for hackers to access personal information and financial accounts. Think not only of phones, tablets, computers and routers, but also all devices that are connected to the internet. Webcams, Wi-Fi-connected door locks, thermostats and appliances can also be hacked. Even that new car of yours can be turned against you.

These are all doors to your personal and family office network, and their security is often overlooked. Hackers know the default passwords for these items and can quickly compromise their security features. So, it is critical to keep current on software security updates for your technology devices and install updates regularly.

Many family offices operate with a lean staff, which makes it more challenging to implement sound internal controls. Office staff may unwittingly create security leaks by over-sharing on social networks. For example, if a staffer lists company and title information on a social network, thieves might obtain the key pieces of information needed to forge wiring instructions.

Vigilance and persistence within your family office are key to protecting assets and reputations from cybercriminals.

This creates the opportunity for wrongdoers both outside and inside your family office to divert funds. Internally, embezzlement is often a crime of opportunity driven by a personal financial crisis. In most cases, the perpetrators have no prior criminal record. Thefts start as a short-term “loan” in the mind of the thief. If the loss remains undetected, this individual becomes more confident that he or she will not be caught and eventually gets into a position where repayment is impossible.

What can you do? To ensure the security worthiness of family office staff, perform pre- and post-hire background checks, including credit checks, which can be instrumental in identifying red flags. Implement strong internalcontrols by separating bookkeeping from bill-paying functions. Implement and enforce a policy prohibiting members of the management team from overriding internal control processes. Your accountant is a valuable resource whocan perform a review of your internal controls and systems.

If yours is a typical office, it has lagged behind in building a firewall around your personal data. We recommend outsourcing this task to a well-regarded firm specializing in family office cybersecurity. Check with those whose judgment you trust, your legal and financial counsel and your business colleagues to create a short list of possible firms. Have your CFO meet with them, make a recommendation and complete the hire. Once on board, that firm will:

  • evaluate your systems, hardware and software
  • evaluate your policies and procedures
  • evaluate your staff’s technological knowledge
  • propose improvements in hardware, software and procedures
  • train your staff
  • roll out the plan
  • monitor the plan for effectiveness and staff adherence
  • conduct ongoing testing of the system, even posing as a cybercriminal to see if a staffer will give out your bank number

Vigilance and persistence within your family office are key to protecting assets and reputations from cybercriminals. Their assault is relentless and ever-evolving and so must be your defense.

This article is distributed with the understanding that CBIZ is not rendering legal, accounting, or other professional advice. To the extent anything herein could be construed as tax advice, such advice is not intended to be used and cannot be used to avoid penalties under the Internal Revenue Code, or to promote, market or recommend to another person any tax-related matter. This information is general in nature and may be affected by changes in law or in the interpretation of such laws. The reader is advised to contact a professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in laws or other factors that could affect the information contained herein.

Risk & Insurance

Disclaimer: Worth magazine is a financial publisher and does not recommend or endorse investment, legal, insurance or tax advisors. The listing of any firm in the 2019 Worth® Leading AdvisorsTM Program does not constitute a recommendation or endorsement by Worth magazine of any such firm and is not based upon Worth magazine’s experience with, or prior dealings with, any advisor. The information presented for each advisor, including but not limited to any related profile, statistical data, presentation, report, commentary, recommendation or strategy, has been provided by such advisor without review or independent verification by Worth magazine. Any such information is the sole responsibility of the advisor. Worth magazine makes no representation or warranty as to the accuracy or completeness of such information, assumes no liability for any inaccuracies or omissions therein and disclaims responsibility for the suitability of any particular investment recommendation or strategy for any person. Nothing contained in Worth magazine constitutes or should be construed as any form of investment, legal, insurance or tax advice or as a recommendation to buy, sell, hold or trade any securities, financial instruments or assets. Readers are advised to consult their legal, financial, insurance and tax advisors prior to making any investment or pursuing any investment strategy. Past, model or hypothetical performance is not indicative of future results.

back to top