Trusted advisors everywhere are reaching out to their clients this time of year. It's the season for checking-in, catching up, and sharing good wishes for the holidays. We take stock and reflect on the year past and pause for sorting our thoughts about the future. What are the top opportunities and concerns for the year ahead? How do we prioritize our goals? Where are our blind spots and weaknesses? These are personal and professional questions, and the answers are individually unique. However, some elements are common, depending on the issues that are defining the hour. So, it's smart and professional to be prepared and address the common concerns to add value where possible.
In 2019, client surveys from a range of industries with HNW and UHNW clients are reporting a consistent conclusion. Financial services, luxury real estate sales, investment newsletters, family office reports, conference audiences, private banks, and third-party surveys; client survey respondents are saying that cyber-related risk is a top concern for them in 2020 and beyond. From almost seven years in the field with private clients and cyber risk, here are some ideas for thinking about cybersecurity and discussing this important topic with your clients.
Cybersecurity for Trusted Advisors & Private Clients
Sophisticated hacking syndicates around the world are using NSA government-grade tools to aim at the wealthy in the U.S. and abroad. The attacks are “opportunistic” and “sprayed” across email accounts in high volumes. And yet, each email in the set is highly customized to the individual target. The exploits are akin to cybercrime we’ve seen over the past few years with losses incurred by CEO spear-phishing and BEC (Business Email Compromise) hacks. Now, bespoke spear-phishing emails are engineered to pull anyone’s personal information from the Dark Web, and hackers are using it to fuel attacks on other, less prepared targets.
Increasingly it is wealthy individuals and families falling victim to digital crimes, and it is essential as client advisors and leaders to elevate the issue of cyber risk and have open conversations about the concerns. Be prepared to provide informed answers and guidance to your firm’s practices and policies, and the tools your firm makes available to them for digital security.
The Three Primary Cyber Attack Surfaces
Digital technology can be abstract. For some, cyber risk is difficult to see in one's mind's eye. Thinking about it in the context of the "Three Primary Attack Surfaces" can help
The vast preponderance of all cyber risk resides at the intersection of people and their personal technology. These intersections we call the "Three Attack Surfaces" for cybercrime. They include email, personally owned internet-connected devices, and the networks used to connect. Thinking critically and being deliberate about the use of email, internet devices, and networks can help avoid a meaningful chunk of the overall risk.
Of course, it’s impossible to eliminate cyber risk, and a resourceful attacker will always hold the advantage over their target. But most of the risk for private clients lies in “opportunistic” attacks. The preponderance of cybercrime losses today is a result of opportunistic attacks that seek vulnerable, easy targets that come with a decent upside. So, being conscious of the battlefields and prepared to defend these three attack surfaces is critical for mitigating the risk.
#1 - Email
Email is cyber-attack vector #1. Protecting from risk getting in and encrypting what goes out of one’s email box solves for a big chunk of the problem.
For email security, we have to consider:
- Where is my email hosted?
- Is the account I am using private?
- Who owns the information shared over my email account?
- Is my inbox protected from malware, phishing, and malicious URLs?
- Can my email be "spoofed"?
- What security measures and tools are available for greater email privacy and security?
Private clients, wealthy families, VIPs, and others are increasingly “privatizing” email with personal domain names and secure hosting. They control who hosts it, and where it's hosted, and they avoid Big Tech’s email data mining and abuses of their personal information.
#2 - Personal Devices
Windows, Macs, and Android devices require anti-virus protection and a suite of other defenses. iPhones and iPads are safe. But laptops, computers, and Androids must be protected in today’s risk environment for HNW and UHNW clients. Innovation in “end-point protection” has advanced considerably and should be revisited. The technologies developed at the enterprise level are now available to consumers and are remarkably effective. We expect capital investment in the IT security industry to increasingly benefit individual consumers for years to come.
#3 - Internet Networks
Some of the most exceptional progress in cybersecurity over the last few years is in the area of internet network security. VPNs and automatic encryption and tunneling are better, more affordable, and more straightforward to use than ever before. Choosing the right VPN provider is essential, but the technology has arrived.
Additionally, software-defined network technology (SD-WAN) is advancing in accessibility and affordability and is becoming a turn-key solution to home and home-office digital security. This network security technology creates an internet and online connection that is clean of the risk and hostilities of the “public” network. Internet-connected devices, including Wi-Fi and internet appliances and “things” are also protected under the shield of protection provided by SD-WANs.
On Smart Home Cybersecurity
The vast proliferation of internet-connected devices in our personal environments is turning the traditional notion of risk in daily life on its head.
Any network-connected device, such as cameras, doorbells, smart-assistants, and home appliances, are all on-ramps to the local network and vectors of potential risk. For smart homes and kids, but really for everybody – serious network security is a “must-have” for wealthy families today.
It’s a bankable bet that cybercrime will get worse in 2020 and the foreseeable future. Considerable economic and reputational damage will be done across industry and economic sectors. But most economic and existential damage will be incurred broadly and at the individual and small-group level. Bringing clients to engage in the topic of cyber risk and self-defense on a level more profound than the past will bring the professional and the client benefits for many years to come.
Original article in Wealth Management Magazine:
By Brad Deflin - https://www.wealthmanagement.com/author/Brad-Deflin