IT and Cyber Security Trends for the Family Office

Making IT-related decisions for a family office in 2018 is markedly different than it was just a few years ago. Without understanding the dramatic changes that have taken place in technology it is easy to make decisions that are costly, ineffective, and can needlessly burden the enterprise for years to come.

Wood table many devices from above copy.jpg

Trends Shaping the IT Landscape for Family Offices

Historically, the IT industry was built around hardware and software sales, proprietary protocols, and long-term service and support commitments. Over the last handful of years, this paradigm has shifted dramatically as a result of significant advances in software, hardware, and network ‘clouds’ that enable remote operations and shared resources. 

Unfortunately, many 3rd-party IT service and support providers for family offices have not adapted as quickly as digital technology has advanced.  In many cases, the providers’ business model is “break-fix” - a term used to describe a typical business transaction; customer “breaks” something and calls the IT services company for support, a technician is dispatched to the job, more hardware and software are sold, and the enterprise receives a bill including labor and expenses. 

The prevailing “break-fix” model supports the antiquated structure of the IT services provider. In many cases, under this scenario, the customer is left with not just unexpected expenses, but also over-engineered solutions that leave employees confused, frustrated, and struggling to realize value from the expenditure. As a result, the best interests of all family office constituents are compromised. Fortunately, there is a better way.

Technological progress is disrupting the traditional IT service and support industry to the benefit of consumers. Software is increasingly replacing the need for local hardware. And ‘clouds’ are providing the ability to remotely monitor and manage IT operations with resources and expenses shared across multiple customers for increased service levels and cost benefits. The “-as-a-service” approach provides pre-emptive service to reduce unforeseen operational interruptions and unpredictable IT expenses.

Another important consideration for the family office when making IT-related decisions concerns technological protocols.  Protocols are set ‘rules’ for technology operations and the coordination and communication across various components. Many entrepreneurs and technology companies have made fortunes by developing and enforcing proprietary protocols for their products and services. Once again, advancements in technology are challenging the legacy model by shortening product cycles and opening standards. As a consumer, the family office gains by having increased options, lower prices, and greater compatibility across components. When making IT-related decisions, family office management should consider and weigh alternatives carefully with a view toward these changes in technology and remain “open” to benefit from advancing innovation and increasing value from products and services. 

How Technological Trends Apply to Cybersecurity Solutions for Family Offices

Advancements in digital technology apply equally to the cybersecurity component of a family office’s needs. Since 2012, record levels of fresh investment capital in the cybersecurity industry is driving innovation and providing increased access to solutions for a broader market application. For the family office, the result is greater efficacy, affordability, and ease of use. More recently, the application of artificial intelligence and machine learning is further driving these positive trends in cybersecurity. 

In cybersecurity, the fast-paced technological change applies to both the threat horizon, and to solutions for risk management and mitigation. Solutions for defense must be managed in real-time with automatic updates and optimization that reflect the current threat environment. Remotely monitored and managed solutions provide dynamic services, and the introduction of artificial intelligence enables protection from threats not seen before.

The Human-Factor is Still the Weakest Link

It is important for the family office to recognize the crucial “human-factor” in cyber risk management and mitigation as the fast-paced change in digital technology is mounting the pressure and vulnerability at this “weakest link.” Employee training and education that provides greater context and framework for understanding digital technology and risk is paramount to achieving broad cultural adaptation and sustained behavioral change at any enterprise. Additionally, family members increasingly expect advice and competency from family office employees regarding cyber risk management.

As a result of increasing cyber risk and client expectations, cyber security must be considered a core component of a family office’s ongoing employee education and development program. Executive management should develop such programs “from the top” with governance and leadership represented broadly for cross-departmental involvement and accountability. Measuring and benchmarking is essential for establishing expectations and identifying areas for focus and further development.

Family offices are faced with a host of particular challenges with regard to cybersecurity. Family members, while being in the information chain for the operation, are not under the hand of compliance or the human resources department. Family office employees must be empowered with the knowledge and skills necessary to “humanize” the issues, and provide effective guidance and counsel expected by the family office constituents.

Cybersecurity from the Boardroom to the Breakroom, to the Living Room

Training and education in cybersecurity are suggested for both employees and family members. Program content that focuses on cyber risk’s existential presence across all roles in life today personalizes the issues and compels an internalization of the subject matter. The goal of this fresh approach is to inform, educate, and empower individuals for greater awareness and adaptability in all functions, personally and professionally. This approach has been proven to enhance program results and ROI for the enterprise.

Brad Inform Educate Empower.jpg

Inform, Educate, and Empower Individuals

The “Inform” component of training includes facts and perspective concerning the scope, severity, and permanence of the problem. This includes the notion that cyber risk today has migrated well beyond the IT department’s scope and control, and that each must assume responsibility and accountability for its management. 

For many, cyber risk is still incomprehensible as a result of its digital nature and intangible form. The “Educate” component of program design should include context and framework that propels greater understanding and differentiation between the nature of traditional and “real” life, and the new Digital Age. In the emerging Digital Age, where we are surrounded by a “virtual” environment whose operating nature is fundamentally different from everything we have known and experienced in the past, new sensibilities are required for everyday activities.

Elements of the “Educate” component should include fundamental “laws” that drive the digital realm, including “Moore’s Law” and exponential progression, and “Metcalf’s Law” and the network effect. Understanding of these basics will aid further discussion and understanding of issues such as the “Mobile Revolution,” the “Internet of Things,” encryption, digital currencies and block chain, Big Data, A.I., and machine learning, as examples. Successful presentation and discussion of these matters prepare individuals for self-empowerment in the Digital Age, personally and professionally, and further drive program ROI for the family office. 

The “Empowerment” part of family office employee and family member training includes the application of best practices and defensive technologies to everyday life. Individuals learn the importance of password management, discretion with social media, sensitivity to public Wi-Fi risks, the application of encryption to everyday life, and other basic elements of self-preservation in the digital realm. Introduction and application of solutions and practices that protect across the individual’s roles in life will significantly increase competence and compliance at the family office operation. Importantly, this adaptation includes points beyond the compliance and IT departments control.

Struggles with IT decisions and managing cyber risk are symptoms of a bigger challenge: adapting to new Digital Age. It’s fair to say that not only are the rules of the game changing but so is the field on which the game is played. Leaders across sectors, public and private, must prepare their employees and constituents with education and training that instills greater knowledge, understanding, and new the sensibilities required for survival and success. 

IT Infrastructure

While some aspects of IT infrastructure will vary by the family office and its particular circumstances and needs, the most important elements to consider are held in common by all, large and small.

The best place to start and end a look at IT infrastructure, is from a 30,000’ level, where you can view the topology at hand. Zoom in to consider the various components and their relationship within your domain of operation. For the family office, when including the logistics of member families in the purview, it’s clear complexities are compounded, and risks are increased. 

The Topology 

Grasping the physical and virtual nature of IT infrastructure requires an element of visualization that sorts and arranges the various components.  An end-to-end module approach is increasingly effective for planning and ‘plug-and-play’ provisioning of components. The strategy is consistent with technological trends and extracting maximum value from IT-related expenditures, including service and support.

Office management should solicit input from family members when defining the scope of IT-related responsibilities. Scenarios are possible from full centralization and integration, including service and support, to a hard line between ‘church and state’ for office professionals and family members. Anywhere on the scale, it is increasingly effective and affordable to provide digital autonomy without compromise, while reducing risk.

While illustrating a modular view of a family office’s IT infrastructure is helpful, it’s important to remember the landscape is constantly shifting and the next five years hold tremendous change. Exponential increases in internet connected devices are propelling expansion of the surface of IT-related concerns and requirements. The family office’s role in providing technology infrastructure that serves its constituents is increasing, as is their role managing the associated rising risks. As a result, all IT should be considered infrastructure for cybersecurity and risk mitigation. 

Leverage Specialization for Planning and Implementing

Resources to manage the challenges of IT infrastructure for a family office today must include a specialist. Value from good advice will pay, while uninformed decisions can be dangerous on multiple levels. 

The specialist should be instrumental in the mapping of the 30,000’ view, consider IT infrastructure and cybersecurity as one, and have advanced knowledge and experience in both. The specialist should be intellectually and conversationally proficient and current with all sub-components and be able to identify best in class providers for each. Depending on family office size and budget, the specialist can be an internal or external individual or team.

Service and Support 

Invariably there will be cause for service and support, and assuring access is important. The harder part is defining the needs of your family office in a manner that assures they will be successfully served. What’s changing is our needs are less often today about speaking to an IT technician for help, and more about speaking to a trained, professional and resourceful person on the other line that works with a company that cares. 

Again, rapid change and increasing scope add complexity to the matter of support, and consistent and predictable service that addresses your needs is essential. There are multiple dynamics at play in determining successful fulfillment, and this component should be considered part and parcel as an overlay to the modular, 30,000’ design. A deliberate mix of remotely accessible support resources with local service vendors is optimal. 

Putting It All Together

While seemingly daunting, the potential results from smart planning and implementation of IT can be enormously empowering to any organization. Focusing on collaboration, specialization, process, and an infrastructure that can be managed modularly is essential for success. The Citi Private Bank in partnership with leading innovators and providers of family office IT solutions is prepared to help every step of the way.

Want to learn more about how we can help?

Click Here