This summer, we at Family Office Exchange hosted our first FOX Family Security Workshop. According to attendees, security is currently one of their top concerns.
We brought together industry experts to discuss three key areas of security: personal, physical and cyber. Each presenter flagged examples of security risks and how criminals continue to evolve and improve their techniques. Currently, cyber-crime alone is a trillion-dollar industry. As one attendee commented, “be prepared to be scared.”
While there’s much out there to be wary of, it’s not all doom and gloom. Being aware of the threats is the first step in preparing a robust risk management plan. The workshop provided ideas for developing security policies and best practices to be the first step in protecting the safety of the family. Here are three key items to consider:
1. Plan Ahead
Take the time to create a protection plan that touches on all aspects of security for the family. It’s important not to wait until a crisis happens to put a plan in place. A security process should be approached just like the process for evaluating business and investment risks. A thorough, objective, professional risk assessment will identify real and relevant risks based on each family’s mix of assets, lifestyle choices and other factors such as public profile.
Once there’s a good understanding of risk, address urgent items and put in place mitigation strategies for others. Always get buy-in from family members and review on a regular basis, especially as there are lifestyle changes such as children getting older, families growing, marriages and divorces. One key part of the plan is to cultivate a list of security partners in case of an emergency. It’s easier to pick up the phone during a crisis if you’ve already developed relationships with your vendors.
2. Use Your Best First Defense
When it comes to security, families and employees are the key to success. The best way to fight a security issue is to avoid it. Families and employees should be trained to be part of their own protection. Training in situational awareness and how to avoid threats can be extremely valuable.
It’s also important to create a culture of security with employees. Go beyond annual security awareness training and focus on establishing an understanding with employees of how to manage security risks. Also, train household staff to participate in security, from the gardener to the nanny. They’re in a strong position to see things that other family members may not, and they should be trained to look for patterns and unusual activity and know that “if they see something, they should say something.”
Five Common Security Scams
- Phishing: Emails aimed at luring recipients to click on an embedded link, which could trigger a malware installation, or surrendering confidential information such as passwords or credit card numbers.
- Spear-Phishing: Attackers gather specific personal data and often impersonate friends or business associates, including mimicking their email addresses (a tactic called “spoofing”) to craft an especially realistic message.
- Vishing: Telephone-based phishing scams to gain access to confidential information.
- Smishing: Text-based phishing scams to gain access to confidential information.
- Social Engineering: Manipulation to gain access to secure areas using psychological tactics either to avoid appearing as a security risk or to convince people not to enforce security procedures.
3. Be Vigilant with Technology
As our homes and offices become cluttered with network-connected devices ranging from televisions to smoke alarms to smartwatches and refrigerators, the number of potential entry points for hackers proliferates. As a safeguard, keep a list of all network-connected devices and make sure to check periodically that each device is patched with the latest available firmware.
Unsecured public Wi-Fi networks can be very handy—but also very dangerous if there’s a cyber-criminal on the network. As a safeguard, use a Virtual Private Network to access the Web. A VPN acts as a protective, encrypted buffer between your device and the rest of the people using the network.
To best mitigate damage from a future attack, consider encrypting and backing up your data, as well as instituting strong application- and device-level security. Encrypting your sensitive data means that even an attacker who gains access to the network will struggle to get their hands on the most valuable information. Backing up your data provides a strong defense against a ransom-based attack and means that your data is safe in case you lose control of a device.
As for login and password management, there are several tips that can both help protect your accounts from an attack and limit the damage of a breached account.
Be inconsistent: Don’t reuse a login name or password. Password management programs such as 1Password, Dashlane and LastPass are a good way to generate complex passwords that are unique for each of your online accounts. As an alternative, use long sentences with slight variations, such as “I like summer because it’s hot and baseball.” Long passwords are much more difficult to crack than short ones, even when the short ones appear more complex.
Whether you use a password manager or make your own, it’s crucial to change them regularly—and not to store them in an unencrypted document with obvious names such as “Passwords–2018.”
Don’t telegraph your location on social media. If criminals know you’re away on vacation, it alerts them to opportunities. There’s always the option to post the photos when you return (#latergram). For high-level cybercriminals, social media can be a gold mine for social-engineering and spear-phishing attacks. Limit what you disclose and apply strong privacy filters to accounts.
Ultimately, a security program that’s strong enough to prove resilient against attacks must rely on established security best practices and the education of the families and employees. Breaches may continue to grow in volume and sophistication, however, it’s possible to safeguard the family.
Tony Gebely is Chief Technology and Integration Officer at Family Office Exchange.