In 2019, client surveys from a range of industries (for example, financial services, luxury real estate sales, investment newsletters, family office reports, conference audiences and private banks) with high-net-worth (HNW) and ultra-HNW (UHNW) clients are reporting a consistent conclusion: Cyber-related risk is a top concern for clients in 2020 and beyond.
From almost seven years in the field with private clients and cyberrisk, here are some ideas for thinking about cybersecurity and discussing this important topic with your clients.
Cybercrime Is Personalized
Sophisticated hacking syndicates around the world are using NSA government-grade tools to aim at the wealthy in the United States and abroad. The attacks are opportunistic and sprayed across email accounts in high volumes. And yet, each email in the set is highly customized to the individual target. The exploits are akin to cybercrime we’ve seen over the past few years with losses incurred by CEO spear-phishing and business email compromise hacks. Now, bespoke spear-phishing emails are engineered to pull anyone’s personal information from the dark web, and hackers are using it to fuel attacks on other, less prepared targets.
Now, it’s increasingly wealthy individuals and families falling victim to digital crimes. It’s essential as client advisors and leaders to elevate the issue of cyberrisk and have open conversations about the concerns. Be prepared to provide informed answers and guidance to your firm’s practices and policies and the tools your firm makes available to them for digital security.
Three Primary Cyberattack Surfaces
Digital technology can be abstract. For some, cyberrisk is difficult to see in one’s mind’s eye. Thinking about it in the context of the three primary attack surfaces helps.
Over 99% of all cyberrisk resides at the intersection of people and their personal technology. These are the three attack surfaces for cybercrime, email, personally owned internet-connected devices and the networks used to connect. Thinking critically and being deliberate about the use of email, internet devices and networks can help avoid a meaningful chunk of the overall risk.
Of course, it’s impossible to eliminate cyberrisk, and a resourceful attacker will always hold the advantage over their target. But most of the risk for private clients lies in “opportunistic” attacks that seek vulnerable, easy targets. Just being conscious of the battlefields and prepared to defend these three attack surfaces is critical for mitigating the risk.
Email is the first attack surface. Protecting from risk getting in and encrypting what goes out of a client’s email box solves for a big chunk of the problem. Today, we have to consider:
- Where’s my email hosted?
- Is the account I’m using private?
- Who owns the information shared over my email account?
- What security measures and tools are available for greater privacy and security?
Private clients, wealthy families, VIPs and others are increasingly “privatizing” email with personal domain names and secure hosting. They control who hosts it, and where, and they avoid Big Tech’s email information mining.
Windows, Macs and Androids require anti-virus protection and a suite of other defenses. iPhones and iPads are safe. But laptops, computers and Androids must be protected in today’s risk environment for HNW and UHNW clients. Innovation in “end-point protection” has advanced considerably and should be revisited.
Some of the most exceptional progress in cybersecurity over the past few years is in the area of internet network security. VPNs and automatic encryption and tunneling are better, more affordable and easier to use than ever before. Choosing the right provider is essential, but the technology has arrived.
Home and home office networks for HNW and UHNW clients should be secured. New network security technologies are capable of creating online connections cleaned of the risk and hostilities of the “public” network and connected devices, including Wi-Fi and the internet of appliances and things that are connected to the internet (for example, doorbells, baby cams, security cams and Alexa).
Smart Home Cybersecurity
The vast proliferation of internet-connected devices in our personal environments is turning the traditional notion of risk in daily life on its head. Any network-connected device, such as cameras, doorbells, smart assistants and home appliances, all are on-ramps to the local network and vectors of potential risk. For smart homes and kids, but really for everybody—serious network security is a “must-have” for wealthy families today.
It’s a bankable bet that cybercrime will get worse in 2020 and the foreseeable future. And considerable damage will be done across industry and economic sectors. But most economic and existential damage will be incurred broadly and at the individual and small-group level. Bringing clients to engage in the topic on a level more profound than the past will bring the professional and the client benefits for years to come.
Bradford A. Deflin is CEO and founder of Total Digital Security in West Palm Beach, Fla.