Cyber threat to high net worth individuals is growing (Part 1)

Most multimillion-dollar corporations have robust privacy and security programs, or are in the process of developing them to protect their corporate crown jewels. However, as corporate entities are developing sophisticated processes to mitigate against cyberattacks, hackers have discovered another artery through which to get to these precious stones, leaving high net worth individuals (HNWI), their estates and family offices vulnerable to cyberattacks and privacy breaches.

According to a 2017 Campden Research study, 38 per cent of HNWIs, family offices and family businesses globally, did not have a proper cybersecurity plan and therefore have not mitigated against cyber or privacy risks. As a result, HNWIs are exposed to a loss of revenue, privacy and reputation through the use of blackmail, extortion, fraud and smear campaigns. North American HNWIs had the highest level of known and reported attacks, followed by Europe.

Here is a list of common vulnerabilities:

Social engineering and spear phishing

The Campden Research study revealed that 77 per cent of cyberattacks against HNWI are a result of social engineering as a way to target HNWIs through their family and wealth managers. Hackers are able to identify key persons to target and replicate an HNWI’s profile in order to lure the targeted individuals to transfer funds directly to the hacker without realizing they are doing so. They may also deceive those key persons into opening an attachment to an e-mail, becoming infected by malware and shutting down an entire system or network until ransomware is paid.

It is no longer difficult for hackers to develop a profile identical to the HNWI who they are targeting. Given a HNWI’s public status, a hacker can gather information about an individual through publicly available materials as well as social media accounts. HNWIs often disclose information about their trips, properties, assets, charitable donations, social events and hobbies. They also disclose names and pictures of their family, friends and colleagues. Social engineering is not uncommon especially since HNWIs frequently travel, making it difficult for their trusted advisers and family to verify instructions.

Interconnectivity and unsecured networks

It is not uncommon for HNWIs to make use of interconnected smart devices and the Internet of Things (IoT). This networked environment leaves a HNWI exposed to potential breaches. A hacker simply needs to gain access to one secure private network through a single “smart home” device in order to potentially gain access to a myriad of other private networks, such as vehicles, planes and business networks. Such access may reveal compromising personal information about the targeted HNWI that would threaten the HNWI’s reputation. Hackers may threaten or successfully shut down an operation until a ransom is paid.

Gaining access to a device or account is not difficult to do with HNWIs who leave themselves Cyberthreat to high net worth individuals growing exposed when travelling abroad. HNWIs frequently leave behind an international footprint, in particular when using unsecured networks at airports or luxury hotels. The personal data left behind in international jurisdictions is subject to the local data protection legislation or lack thereof, leaving their data vulnerable to be used in any which way or exposed to third parties without consent or notice.

Here are some ways to mitigate risks:

Hiring experts and conducting audits

Protecting an HNWI is just as important as protecting a corporate entity. Retaining cybersecurity and privacy experts to assess the multiple environments within which HNWIs operate and identify vulnerabilities is a vital first step. Experts in this area are familiar with the most current threat landscape and understand international data protection laws and therefore are in the best position to identify and mitigate privacy and security risks.

Experts will conduct an audit and inventory of all assets, which include international assets and online accounts containing personal data. The audit may also include an assessment of family members’ assets as they may be a weak link in the HNWI chain. Privacy settings of devices and accounts will be reviewed to ensure that the strictest privacy protected settings are enabled, including disabling geotagging to prevent being tracked. Depending on the jurisdiction, it may be necessary to request the HNWI’s personal data be deleted.

Monitor, scan and patch

Scanning and monitoring for security vulnerabilities should be conducted on an ongoing basis. Security protocol, including policies and procedures, should be developed and implemented to mitigate against attacks. An incident response protocol should also be developed for post-attack remediation.

Data protection training Similar to the way the C-Suite in a corporate entity is made aware of privacy risks and sets a privacy and security tone from the top, a HNWI and family members must be aware of the threats and vulnerabilities that they are exposed to in order to set a high expectation for those with whom they surround themselves.

Cybersecurity and privacy experts need to build the capacity of HNWIs and the entire team that handles their professional and personal matters to better understand the threat landscape so that they are better able to defend themselves and identify phishing tactics. If privacy and security is top of mind and integrated into daily routines, the “trust but verify” approach will be implemented as a source of extra protection. Interaction on social media will be adjusted as will protocol with using public networks and setting passwords.

Cybersecurity insurance

Lastly, HNWIs should obtain cyber insurance and ensure the policy covers fraud protection and social attacks. As HNWIs and their team of wealth managers aim to protect the HNWI’s assets, protection against cyberattacks and privacy breaches should not be ignored and should be taken as seriously as any other measure of protecting assets.

This article was originally published on the Lawyer’s Daily.