Cybercrime is an ever-present threat to holders of great wealth. This article addresses some of the challenges, and how to meet them.

Cybercrime is a hot topic at the moment for obvious reasons. Attacks on Yahoo, Equifax and JP Morgan, to name just three, underscore the problem. Wealth managers, be they banks, family offices or RIAs, must protect their clients and their business. 

This article is an excerpt from a white paper authored for Summitas by Denise Caruso, a veteran technology journalist who began writing about information privacy and security in the 1980s. She has written for numerous trade publications, was founding editor of three executive newsletters on technology and media, and chronicled the first wave of commercial activity on the Internet as the technology columnist for the New York Times business section. Most recently, she served as a researcher and instructor at Carnegie Mellon University, in the Department of Engineering and Public Policy. 

Summitas is a reference platform for communication privacy and data security in the family office and wealth advisory space. Summitas delivers customer selectable apps spanning document management and electronic signing, social engagement and collaboration, and advisory and family services. 

(See below to find out more about Summitas CEO Bill Wyman.)

The editors of this publication are delighted to share these insights and invite readers to respond. The usual disclaimers apply. To comment, email tom.burroughes@wealthbriefing.com and jackie.bennion@clearviewpublishing.com

Anything or anyone connected to the internet, anywhere in the world, has been affected by cybercrime, but not everyone who has been affected is aware of it. Senior cyberlaw officials in the US have noted that smaller companies in particular “are not aware as they should be” of the threat that cybercrime presents, and thus are more susceptible to criminal data breaches than larger, better protected entities. One FBI official stated it bluntly at a cybersecurity conference in July 2019: “You're going to be a target, so think of yourself that way.” 

The genesis of cybercrime can be traced back to the original Internet Protocol, which included no native data protection. In the late 1980s, when the Internet was first opened to commercial activity, computer security experts immediately raised concerns about the compromise of personal privacy and data integrity that the open protocols of the Internet might enable. But the ability to collect and use unprotected information was (and remains) the enabling technology of the internet economy, and their concerns were dismissed.  

Since then, stolen information has become the coin of the cybercrime realm. Billions of records are stolen each year, and annual totals continue to multiply. In 2017 alone, cybercrime cost an estimated $600 billion, representing financial crimes, theft of intellectual property, opportunity costs, restoration or replacement of compromised systems and data, liability payments to customers whose data was stolen, and, significantly, loss of reputation and trust. 
 

The reality of cybercrime can be overwhelming, especially for smaller companies without much available capital to dedicate to security. But experts have begun to challenge the notion that fighting cybercrime is primarily a defensive battle requiring costly resources to block an attack that is already underway. 

Instead, they note, heading off criminal attacks before they occur - a proactive approach, using often overlooked security tools and procedures - may cost far less and do far more to protect a company’s assets and operations.  

The first and most obvious is to implement a hardline, in-house password policy to eliminate sloppy password hygiene. Another is staying on top of weaknesses in application software that are constantly being exploited to gain entry to a corporate network; some weaknesses can be eliminated by simple updating, while others require tracking applications that are known to be continually vulnerable. 

One of the best known and most effective cybersecurity tools, encryption, is implemented far less than is prudent. Cybercrime experts recommend a broad application of encryption in corporate networks: for all local computers, all computers in the cloud, all smartphones, all networked devices, all data in transit and all stored data, individual messages, communications channels, and for authentication between computing devices. 

Cloud computing, the fastest growing segment of the IT services market, is also a growing security risk for corporations. The economic benefits can mask the risks of giving up direct, hands-on control over a company’s digital assets, requiring companies to take additional precautions for securing those assets.  

Basic security measures should also be implemented to protect against malicious human behavior by people within the organization. They include strictly eliminating user access to more data than necessary for their duties; limiting contractor access; installing workstation locks and password lockouts to keep bad actors from gaining access to areas that are not their own. 

While cybercrime is the new normal - no longer the exception, it has become the rule — protecting against cybercrime is widely considered to be futile. Given the lack of the most basic security protections in so many corporate networks, this is at once a dangerous assumption, a self-fulfilling prophecy, and an ongoing open invitation to the criminal class.
 
Industry efforts to normalize cybersecurity as valuable and effective are of critical importance. The process begins with cultivating security awareness of a network’s components and capabilities and susceptibilities, of surrounding threats and risks,e and is followed by developing the best possible strategy to protect a company’s assets from attack.  

Cultivating awareness and implementing precautions may not prevent cyberattacks, but in a time when cybercrime is pervasive and apparently limitless in its reach, there is no justification for inaction. 

About Bill Wyman, Summitas CEO

Wyman has over 35 years of experience working with single- and multi-family offices, and registered investment advisors. Prior to joining Summitas, he was a senior director with BNY Mellon Family Office and managing director with Rockefeller & Co. Earlier, he was MD at Deutsche Bank, and a vice president with JP Morgan, where he was stationed in Geneva, Switzerland. He is a regular at industry conferences where he speaks about software trends, technology risks, and family office operations. Bill earned his BA from the University of Notre Dame and MBA, summa cum laude, from Fordham University.