Protecting your assets is a central part of any wealth management strategy. While most of us may plan for the usual threats, taking precautions such as installing home-security systems and working with trusted financial advisors, not all of us are vigilant about the possibility of cybercrime.
Yet cybercrime affected 143 million Americans in 2017, with financial losses totaling $19.4 billion. More than a quarter of ultra-high-net worth families, family offices and family businesses have been targeted by a cyberattack, yet 38 percent lack a comprehensive cybersecurity plan.
If you fall into that category, you could potentially be more vulnerable to an attack by savvy cyber thieves.
"Hackers that target high-net-worth individuals have done their homework," said Stacy Bertrand, manager of information security strategy and metrics at City National Bank. "They know they have money and that they have something to steal."
But it's not just financial resources that make these families more vulnerable to a cyberattack. It's also often their public status, wealth plan and lifestyle choices that may make them more susceptible.
Underestimating cyberhackers' intentions and capabilities could make you a prime target for cybercrime.
"A lot of high-net-worth individuals are older and don't understand the ins-and-outs of tech, or they're millennials who made their money off tech and are more trusting of it," Bertrand said.
Understanding the ways in which cyber thieves target high-net-worth individuals is one of the first steps to establishing a strong line of defense.
In general, said Bertrand, high-net-worth individuals are more searchable online. Someone who owns a company, holds a C-suite position, frequently makes large donations to charity or is a public figure has a highly visible online presence, making it easier for cyber thieves to profile them as potential victims.
"Hackers are able to perform sophisticated spear-phishing attacks with the information they receive from searching the internet," Bertrand said. Spear-phishing involves the use of phony emails that lure you into clicking a link, downloading a file or sharing sensitive personal or financial information that can be easily exploited.
With very specific details and information gathered from public data, cyber thieves create emails that plausibly impersonate someone and make their request seem authentic.
Most cyberattacks start with a phishing email, which is also one of the most common ways computers are infected with malware. To prevent this from happening to you, it's always best to take the "better safe than sorry" approach and pick up the phone to verify the email is actually coming from the person you believe it is.
Having a broad network of people who aid in managing your wealth can also be a boon for hackers.
"Typically, clients we work with have a financial team," Bertrand said. "Because more people are potentially involved managing various aspects of your financial plan, hackers have more wiggle room to build convincing stories that do not need to be verified."
If the members of your financial team are not all in regular communication with another, it becomes much easier for a hacker to perpetrate a scam. The larger your team, the more avenues hackers can pursue to gather data about your financials.
Risk may be heightened further when assets aren't managed under a single umbrella.
For instance, you may have multiple investments or bank accounts held at different firms, or manage more than one business, making it more difficult to have a centralized snapshot of your assets.
"These hacker groups specifically know that high-net-worth and ultra-high-net-worth individuals have money in various places and don't necessarily track most of their accounts regularly," Bertrand said.
Bertrand offers two tips for protecting yourself when you have a larger team, or widespread assets.
First, "high-net-worth individuals need to develop a 'trust but verify' process," she said. "This means that people or companies who work with these individuals need to know what they are allowed to approve and what they need to call and verify."
In the best-case scenario, employees should verify all emails and phone calls with you prior to transferring money.
The second tip is to understand where your assets are held. You don't necessarily need to aggregate all your assets in one place but you should have visibility and transparency with regard to where your accounts are located and what's in them.
Social engineering involves the use of social media to mine your information. Hackers can gain clues about things like wealth status, property ownership and investments through private details that individuals choose to share publicly on social media. Cyber thieves can then use social media to facilitate a scam.
Say you're the CEO of a real estate investment company. In addition to posting photos of your recent acquisitions, you decide to post some family photos while you're on vacation.
The photos give a cyber thief a clue to your whereabouts. They then approach the money manager or chief financial officer of your company about an investment deal in the area you're visiting.
It appears to be a legitimate opportunity so your money manager or CFO signs off on a wire transfer to the cyber thief, but doesn't double-check with you since you're on vacation. You don't realize until after you've returned from your trip that you've been hit by a cyberattack.
Similarly, your children can also create a target for your family if they're routinely posting on social media. Their photos of designer goods, luxury vacations or high-ticket experiences can cue cyber thieves to your family's wealth status.
Cyber thieves may follow your kids' profiles and attempt to establish a rapport. Under the guise of friendship, through a fake online persona, they collect key data about your family — determining where you live using geotags, getting the names of your family members, finding out where everyone works and when your family will be taking vacations.
Details like this can make it easy for them conduct many kinds of cyberattacks, including phishing, ransomware and wire fraud.
Setting ground rules for social media use with you family members can be an effective way to combat the social engineering threat. For instance, you may wish to restrict the types of photos or information that can be shared through social media, or insist that family members set their account visibility to private-only.
The use of ransomware — a software program blocks access to systems or data until a ransom is paid — also poses a threat to high-net-worth individuals. An estimated 4,000 ransomware attacks occur each day, and while businesses are often the target, individuals and family offices aren't immune.
Because high-net-worth households have the resources to pay the ransom, cyber thieves are betting that many of these individuals would prefer to pay up rather than hassling with a locked computer.
Preventing ransomware begins with protecting your personal and financial details and ensuring that basic security practices are followed down the line by employees and any other individuals who have access to your information.
Installing a firewall on your wireless networks and utilizing a virus filter for email scanning can also strengthen your defenses. Incorporating two-factor authentication, which requires the entry of a unique code along with your user name and password, can protect online account access.
When you're traveling, you may find yourself using public and open Wi-Fi hotspots to get online. But these networks are particularly unsecured, even when they require a password. Hackers are taking advantage of this fact and targeting luxury hotels and airport lounges where they know high-net-worth individuals will be using their laptops and phones.
Never log in to password-protected websites that contain sensitive data, such as your bank accounts, social media channels, or email, when using public Wi-Fi. If you need to use a Wi-Fi hotspot, consider using a virtual private network (VPN) to secure your connection.
Recognizing and understanding the various ways in which you may be a target of cyberfraud is an important step in protecting your assets. With this knowledge you can have a conversation with the professionals who are managing your assets to ensure they are properly equipped to identify and handle a cyberthreat. You'll also be able to take your own precautions so you don't unknowingly make it easy for a cyber thief to target you.
This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.