By Andrea Ayres and Colleen H. Johnson
High-net-worth families face unique cyber threats. Consequently, fighting back requires unique tactics.
Sera-Brynn, a cybersecurity audit and advisory firm, estimates that 30 percent of its cyber service clients have been breached; many of them never knew it. Keeping your private life private is a common goal [for] most people,” states Rob Hegedus, CEO of Sera-Brynn. “Unfortunately, it is too easy in most cases to uncover a person’s status and position through even the most rudimentary online search.”
For HNW families that want to avoid cyber perils, Sera-Brynn advocates a three-step approach: Cybersecurity Compliance, Cyber Insurance and Incident Response. Families may not run like a business, but sometimes the technology that supports them should.
Compliance involves taking a proactive approach to choosing a cybersecurity framework with which to comply. There are industry standards (Payment Card Industry), U.S. government-issued standards (the Department of Commerce’s NIST) and international standards (ISO 27001). There is no single benchmark, but they generally all contain a directive to conduct a “vulnerability assessment.” This is an assessment (often by a third-party) to establish a baseline of “normal” for the computer users in a group. If you establish a baseline, then abnormalities like malware or poorly configured security settings are easier to detect. Cybersecurity companies have technology tools and the human-centric expertise to perform robust network and device scans to gather information. Clients shouldn’t abandon their antivirus programs but should consider improving it by having a trusted, third-party run annual vulnerability assessments.
When it comes to insurance, read policies carefully. There are at least 60 different types of policies available in the United States, but very little common language. For instance, Signature Family Wealth Advisors, a financial advisory firm serving HNW families, notes that one of its clients’ top concerns about technology is identity theft. “Sadly, our clients have to deal with ever increasing risks of identity theft. Criminals are using more sophisticated digital tools to try to steal a person’s credit, file fake tax returns to steal tax refunds and impersonate people to authorize fraudulent wires. Meanwhile, many individuals have an identity theft rider attached to their homeowner’s insurance and are unaware of it. This can be a valuable resource in a time of need.”
Finally, have a plan in the event of a cyberattack. While the FBI is the leading agency combatting identity theft, it is also busy dealing with online predators, cybercriminals, overseas adversaries and terrorists. “So, if your plan is to call the FBI and wait,” states Heather Engel, Executive Vice President of Sera-Brynn, “this is not enough. You need a better incident response plan.”
Keeping your smart home smart.
HNW individuals often have state-of the-art electronic and mechanical systems in their homes or other residential properties.
Here are just a few examples of what gadgets might appear in the typical HNW home:
- Touch screen alarms
- CCTV
- Whole-home security systems
- Lutron lighting system
- Heated self-cleaning oxygen pool
- Best-in-class kitchen appliances
- In-floor radiant heat
- Room humidification
- Temperature controls
- Multiroom audio-visual controls
- Window shading systems
All of these features can be controlled remotely, which makes them potential avenues for a cyberattack.
These devices comprise what’s known as the Internet of Things (the term used to describe the vast network of things that can connect to the internet). Unfortunately, it’s still the early days of manufacturers incorporating security safeguards to IoT devices. And as the IoT network grows, so does the number of attacks.
In the recent past, as ownership of homes changed, locks would be changed and, hopefully, the garage door opener would be given to the new owner. That was the entirety of the technology transfer.
Now, there are passwords.
Darek Dabbs, chief information officer of Sera-Brynn, advises new homeowners to reset all smart home devices back to factory new and re-configure them from scratch. “This is the easiest way to ensure no extra user accounts have been installed,” he states. “When devices are being reset, it is a great time to upgrade/update all of the software and firmware of any IoT device.”
Keeping your sanity in the world of cybercrime.
Cybersecurity today requires a shift in mindset. Clients should take stock of their personal computing environments. Knowing what you have is critical to understanding the larger threat. Be vigilant; nothing in cybersecurity is static. The bad actors on the threat landscape are constantly evolving, so protections must too.
Align personal cybersecurity to your clients’ objectives. Are they networking multiple homes? Do they have minor children that use the internet? Do they use technology to make their house, yard, farm, ranch, car, boat or plane smarter and, as a result, hackable? Are all of the professionals, including yourself, who store your clients’ personal information on their systems compliant with cybersecurity industry standards? How are they protecting your client’s information?
Most importantly, have a plan in the event of a data breach or other cybercrime situation. This may be as simple as having some third-party resources available to assist with data recovery, crisis communications or serve as a law enforcement liaison.
Andrea Ayres is Director, Marketing and Communications at Signature Family Wealth Advisors,
Colleen H. Johnson is the head of business development at Sera-Brynn.