Q&A: How estate managers and family offices can improve cybersecurity

With news of cybersecurity breaches and cyber attacks coming out more than ever, what should every family office be aware of, and what can everyone involved in a household do to reduce risk? 

In this Q&A, we asked privacy and cybersecurity expert ​Dr. ​Chris Pierson to share his advice for family offices and private service professionals.

Chris has been on the front lines of cybersecurity and privacy in both the public and private sectors for over 25 years. Today, he is the Founder ​and CEO ​of BlackCloak, a purpose-built platform that protects high-net-worth individuals, corporate executives, and family offices. Previously, at the Department of Homeland Security, Chris served for over a decade as a special government employee on the Cybersecurity and Privacy Committees. He’s also spent time as the Chief Privacy Officer for Royal Bank of Scotland (RBS), as the Chief Information Security Officer (CISO) for two prominent FinTechs, ​as a General Counsel, ​and is a Distinguished Fellow of the Ponemon Institute.  

In this conversation, Chris talks about the risks he and his team see today – and what can be done to keep families, family offices, and the people who support them secure.

Who’s most at risk of cyber attacks? 

With many family offices having assets and funds rivaling those of corporations, with only a fraction of the equivalent cybersecurity protections in place, family offices and the principals they serve are increasingly at risk in today’s cybersecurity environment. High-profile individuals are living lives that frequently exist in the public sphere, have multiple properties presenting a larger attack surface, and are leading busy lives that open up multiple points of vulnerability that your average consumer wouldn’t trigger.  

Why do families and family offices misjudge risk? How does mindset affect vulnerabilities? 

​​​Historically, we’ve been led to believe that cyberattacks exist largely in the corporate and enterprise realms. This means that families and family offices don’t picture themselves as targets because they’re “at home” or just focusing on personal line items. Unfortunately, cybercriminals don’t play fair and are increasingly taking advantage of this misjudgment. The financial pay off for cybercriminals here is enormous and the reputational risk and loss of access to personal information for families and family offices is incalculable. ​​​​ 

What are you seeing in the market today – how are risk levels changing? 

We know these risks exist today and are only increasing – since 2020 alone, losses reported to the Internet Crime Complaint Center (IC3) have tripled to over $12.5 Billion in 2023. And this is just what has been reported — we estimate less than 1% of victims actually report anything. We are seeing massive increases in deep fake attacks, identity theft attacks utilizing information found in breaches on the deep and dark web, and most specific to this population — increases in highly effective socially engineered attacks utilizing the vast swaths of information available on these individuals to target and exploit them. 

Digital security is connected to physical security, protecting your reputation and more – can you share the potential ripple effect of having a good digital security plan in place? 

​​​Incomplete digital security absolutely leads to physical security risks — we are increasingly seeing bad actors gain access to sensitive information that allows them to weaponize that information and target individuals and their families in the physical world. For example, personal phone numbers, personal email addresses, and personal physical addresses that are exposed online can lead to well crafted scams and personalized attacks against individuals that have a higher likelihood of success. Strong digital security makes that information less readily available and harder to harvest, ensuring increased privacy both digitally and physically.​​​​ 

What are four “quick wins” high-profile and high-risk individuals — and the people who support them — can implement today to improve their cybersecurity? 

We don’t want to ask folks to boil the ocean on this — even small steps to keep things secure can make big differences. One of key things here is making sure you have a partner that can be the expert in your pocket should things escalate.  

In the meantime, we always recommend doing the following four things first: 

1. Use Multi-Factor Authentication and Strong Passwords on core accounts: Email Accounts, Financial Accounts, Healthcare Accounts, and Social Media Accounts 
2. Implement Credit Freezes and Fraud Alerts across all three major credit bureaus 
3. Keep your devices updated and apps patched with the latest operating systems (we recommend folks check for these updates at least once a month​)
4. Set up and configure your WiFi’s guest network so that visitors are operating on a separate network from key devices and accounts​

Want to join the conversation?

Thanks to Dr. Chris Pierson for sharing his insights with us. Have questions about cybersecurity? Share them in the Easemakers community, and we’ll ask Chris to answer them in our upcoming interview recording for the Easemakers Podcast!