The family office industry is flooded with warnings about the threat of cyber crime to their fund accounting software and data security. Digital security agency, Total Digital Security warns:
“Criminal hackers understand risk vs. reward. Family offices are considered prime targets for cyber attacks because the environment is rich with upside opportunity, and considered low-hanging-fruit in terms of difficulty and risk of attack.”
While shutting the doors of your family office accounting software to external criminal entities remain of primary importance, focussing on cyber entry points alone could mean that you are ignoring security risks breeding right under your nose.
“With all of the news about foreign state intrusions into U.S. systems, it’s easy to forget that there are other risks. Family offices and wealth advisors are more likely to be targeted by commercial hackers, disgruntled insiders and cyber attackers.”
The reality of systems security is that your family office is under the greatest threat of breach through your least guarded point of entry – whether it be a cyber gateway, or an internal system weakness.
“Security breaches aren’t always the work of faceless hackers or shadowy conspiracies. Personal data is also occasionally compromised – deliberately or unintentionally – by financial advisors, household employees, or trusted family confidants.”
Guarding your Wealth Management Software Against Internal and External Threats
Security breaches can occur on one of two levels of the organisation’s system:
1. Internal access to the organisation’s software applications, the investment accounting software that get used every day, by every employee of the family office to complete their various tasks.
While the visual interface and user-friendly format in which data is presented produces ease-of-use for employees, it also means that confidential data can easily be copied onto external devices and removed from the premises or shared online. This can happen accidentally, or intentionally – by a disgruntled employee or by an individual who seeks to benefit from sharing confidential information with an external source.
2. Server attacks from external sources: More sophisticated hackers could target an enterprise, attempting to access sensitive data by acquiring the organisation’s IP address, hacking through the firewalls directly into the server, and so breaking into your database.
Security policies for guarding against security breaches
With a focus on securing your organisation at all access points, family offices are advised to implement the following security measures,
Concerning external communications:
Enforcing the use of a VPN should be non-negotiable for all external channels.
Integration with external sources should be undertaken with great care. Interfacing with banks and other data sources opens holes in your security and therefore need to be implemented by experts.
Cloud security: Organisations who run on Cloud-based systems must be aware of the various risks associated with this type of software implementation to ensure that appropriate security measures are put in place. Learn more: Is the Cloud Secure Enough for Wealth Management?
Concerning internal systems:
Password policy enforcement: ensure that your system allows you to enforce strong encryption on passwords.
Remote user policies: protect systems security by enforcing the use of a VPN, data encryption software and secured web access for employees who are working remotely.
Bring Your Own Device: Personally, I don’t think that it’s a good idea for enterprises to allow employees to use unsecured devices (which can easily be hacked). Organisations that don’t enforce the installation of a client on all devices create an environment of needless exposure.
Database security: Making use of an industry standard database, such as Microsoft’s SQL Server or Oracle, enforces a high level of security. By opting for a database system that is tailored for organisations dealing with sensitive data, you are guaranteed that a high level of data encryption, appropriate administrator access restrictions and other security measures are in place.
Isolation of activities. Multi family offices should ensure that their software system allows for the implementation of Chinese walls, to provide clients with safety and confidentiality.
Integration of systems: By making use of one integrated system, you set user access only once, and so simplify the secure lock-down of each part of the system.
Flexible and granular user permission: It’s important to choose a system with the flexibility and granularity to allow the administrator to set different levels of permission for different users. This avoids a scenario where operations are continually interrupted by individual requests for access to a particular part of the system.
Audit trail: By choosing a software system that keeps an audit trail, you ensure that your administrator has the capability to track user activity for the purpose of detecting irregular and risky behaviour before it becomes a threat to security.
Close the doors, but don’t forget to guard against internal threats
When it comes to the securing client and organisational data, family offices are under threat from both internal and external sources. While cyber security and the threat of external sources remain a prominent concern, guarding against internal threats should not be neglected when implementing security protocol.
Tony is a member of the Institute of Chartered Accountants in England and Wales and has worked for many years both in accounting practice as well as in the finance industry. He has a long track record in the application of financial and other software both as an end user as well as a provider of software and services to third parties.