How to improve a Family Office's cyber-security

Tony Solomou - March 15, 2022

Would you be surprised to learn that 26% of Family Offices have suffered some kind of cyber attack?

Boston Private says this was true last year and the figure is higher than usual, in part, because of Covid-19 forcing everyone to work from home, relying heavily on electronic communications. In fact, cyber-criminals see family offices as an easier target than the highly secure banks and professional financial organisations.  



Email is the most commonly used medium for a cyber-attack. Like other financial organisations, family offices rely heavily on email for advice, investment recommendations and data exchange with third parties. One of the most common attacks is the installation of ransomware, malicious software designed to block access to a computer system until a sum of money is paid. This software is installed once a link in the email is clicked or an attachment is downloaded. Bitcoin is the currency of choice of criminals today, as it’s untraceable and easy to collect.

Spoofing is another commonly used tactic for cyber attacks. This is when a criminal disguises an email so that it appears to come from a known and trusted source, then phishes for financial or other sensitive information.

Wholesale payment fraud, where criminals send payment instructions to banks, whilst not as ubiquitous, is still a concern for family offices.  

However, it is worth noting that cyber-attacks can be as simple as a criminal doing some research on the high-net-worth individual (HNWI), leveraging the often large amounts of public information to guess a personal email password, and then using that email account to direct the family office to pay fraudulent bills or contracts urgently. Worse still, they can monitor the hacked emails to blackmail the HNWI, causing not only monetary loss but also reputational damage.

Lastly, the compromise of management systems and theft of data is always an area of concern, though it is more likely to come from disgruntled employees or other internal sources. However, the absence of such systems and a reliance on Excel spreadsheets can be a real security nightmare, given the vulnerabilities that widespread use of spreadsheets can introduce in an organisation.



Cyber attacks are getting increasingly sophisticated and, considering family offices are a softer target than other financial institutions, it is more important than ever for them to protect themselves and their data from criminals. The most obvious rules are the ones that apply to any organisation:

  • Enforcing strict password policies and 2-factor authentication
  • Installing firewalls
  • Using encrypted communication protocols
  • Ensuring that operating systems on every device carry the latest recommended update

But of course, these measures will not be enough to deter the sophisticated hackers operating in today’s dark web. Family offices should always get expert advice on how they can minimise the risk of system and data penetration. They should also consider implementing new solutions that take advantage of the latest technologies in security and data exchange encryption.

An important consideration to bear in mind is the option of running the systems and storing data in the cloud. It may sound counter-intuitive to trust the cloud more than your in-house alternative, but you should ask yourself whether you can match the resources in cyber-security and data recovery of providers such as Microsoft and Amazon. Ultimately, it is best to leave that job to the experts.


Ensuring family offices have the right systems, policies and procedures in place is imperative to protect against today’s sophisticated cyber-criminals. 

To learn more about cyber-security and protection for your family office, please contact us.