Family offices are always at risk of cyber-attacks by malicious actors due to the nature of the wealth and sensitive information they typically manage. You may have recently learned how to keep your family office secure by implementing cybersecurity best practice measures we previously featured. Even if you have these measures in place, your family office will need to remain vigilant to ensure you are protected from cyber threats.
Family office cyber threats come in many forms and can cause severe damage to the financial wealth and data that is managed. Below we will discuss a few common cyber threats family offices face and what you need to keep an eye out for to avoid the exploitation of your family office.
Family Office Cyber Threat 1: Email Compromise
One of the most common cyber threats family offices face is through compromised emails. Family offices typically deal with a high volume of emails based on the number of accounts they manage and the high likelihood of a compromised email making its way through to your inbox. These emails are typically phishing emails looking to gain access to your credentials for an account you manage and/or to the corporate system the business operates on.
How to Spot an Email Compromise
If you receive an unsolicited email that is encouraging you to click on a link to regain access to an account, download or open a document you didn’t request, or even possibly track a shipment, it is probably trying to gain access to some form of your credentials. If a cyber-attack is successful in gaining access to your family office credentials, this information can be used to steal additional firm data, request finances through wire transfers, and more. You may also see email compromises come in the form of personnel impersonations.
Family Office Cyber Threat 2: Personnel Impersonation
Family offices interact with numerous people at various organizations through the volume of transactions they handle. Family office administrative and financial personnel face substantial cyber threats based on the level of information they have access to. Typically, a cybercriminal will aim to impersonate someone, possibly a senior executive, or a financial institution a family office works with. Cybercriminals may be able to pull names or organizations to spoof from company websites or social media sites. Be careful how much personal information you post to social media sites and how much of it is publicly accessible.
How to Spot a Personnel Impersonation
When it comes to personnel impersonation cyber threats, family office employees need to keep an eye out for emails that appear urgent. Urgent emails typically relate to requests for wire transfers or phishing schemes to access exploitable data. If the email seems unusual or urgent, it may be a spoofing attack. To check if the email is indeed impersonating someone, you will want to see if the sender name matches the sender email address. You should also check that the email address matches the one you normally receive communications from. If something seems off in an email, you should pick up the phone and call the person making the request. Be sure to use the phone number you have for them in your database, not the one in the email received.
Family Office Cyber Threat 3: Transactional Compromise
The first two family office cyber threats discussed tie into the final cyber threat we are going to cover – transactional compromise. Typically, a transactional compromise occurs when a cybercriminal looks to change the flow of funds from the intended recipient to their own account.
How to Spot a Transactional Compromise
One way to spot a transactional compromise is if you receive a compromised email impersonating someone from the intended recipient or financial institution facilitating the transaction requesting a last minute account information change. If something like this occurs, there is a high likelihood a cybercriminal is trying to receive the finds from the transaction. If you see this happen, you should also check if your data or family office’s information has been compromised. If a cybercriminal has access to your emails, they can see when a transaction is about to be completed and act using that information.
While this list is not inclusive of all potential cyber threats family offices face, these are some of the most common that you should be aware of and know how to spot. You can learn about how to implement cybersecurity measures for your family office, here. If you have any questions on cyber threats against your family office, please contact your Untracht Early advisor.