How do I guard against cybercrime in my family office?
In the current environment of rampant cyber-attacks and fraudulent schemes, high net worth individuals and their family offices are prime targets. Identity theft is also a growing issue. It can take years and hundreds of thousands of dollars in professional fees to repair the damage to reputations and credit reports. Security measures should be ingrained into your daily life and extend to all of your employees, especially those in your family office.
Family offices in particular must be vigilant to prevent cyber-attacks. Every cell phone, tablet and computer presents an opportunity for hackers to access personal information and financial accounts. Think not only of phones, tablets, computers and routers, but also all devices that are connected to the internet. Webcams, Wi-Fi-connected door locks, thermostats and appliances can also be hacked. Even that new car of yours can be turned against you.
These are all doors to your personal and family office network, and their security is often overlooked. Hackers know the default passwords for these items and can quickly compromise their security features. So, it is critical to keep current on software security updates for your technology devices and install updates regularly.
Many family offices operate with a lean staff, which makes it more challenging to implement sound internal controls. Office staff may unwittingly create security leaks by over-sharing on social networks. For example, if a staffer lists company and title information on a social network, thieves might obtain the key pieces of information needed to forge wiring instructions.
Vigilance and persistence within your family office are key to protecting assets and reputations from cybercriminals.
This creates the opportunity for wrongdoers both outside and inside your family office to divert funds. Internally, embezzlement is often a crime of opportunity driven by a personal financial crisis. In most cases, the perpetrators have no prior criminal record. Thefts start as a short-term “loan” in the mind of the thief. If the loss remains undetected, this individual becomes more confident that he or she will not be caught and eventually gets into a position where repayment is impossible.
What can you do? To ensure the security worthiness of family office staff, perform pre- and post-hire background checks, including credit checks, which can be instrumental in identifying red flags. Implement strong internalcontrols by separating bookkeeping from bill-paying functions. Implement and enforce a policy prohibiting members of the management team from overriding internal control processes. Your accountant is a valuable resource whocan perform a review of your internal controls and systems.
If yours is a typical office, it has lagged behind in building a firewall around your personal data. We recommend outsourcing this task to a well-regarded firm specializing in family office cybersecurity. Check with those whose judgment you trust, your legal and financial counsel and your business colleagues to create a short list of possible firms. Have your CFO meet with them, make a recommendation and complete the hire. Once on board, that firm will:
- evaluate your systems, hardware and software
- evaluate your policies and procedures
- evaluate your staff’s technological knowledge
- propose improvements in hardware, software and procedures
- train your staff
- roll out the plan
- monitor the plan for effectiveness and staff adherence
- conduct ongoing testing of the system, even posing as a cybercriminal to see if a staffer will give out your bank number
Vigilance and persistence within your family office are key to protecting assets and reputations from cybercriminals. Their assault is relentless and ever-evolving and so must be your defense.
This article is distributed with the understanding that CBIZ is not rendering legal, accounting, or other professional advice. To the extent anything herein could be construed as tax advice, such advice is not intended to be used and cannot be used to avoid penalties under the Internal Revenue Code, or to promote, market or recommend to another person any tax-related matter. This information is general in nature and may be affected by changes in law or in the interpretation of such laws. The reader is advised to contact a professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in laws or other factors that could affect the information contained herein.