Archway Technology Partners and TrustedFamily lay out ten steps for family offices looking to safeguard their data and minimize Internet security threats.

The issue of cyber security is one which, for obvious reasons, is very high on the wealth management industry’s agenda.

According to the 2013 FOX Family Office Benchmarking: Technology in the Family Office study, security worries - which apply both to data itself and how it is communicated - are now mentioned just as often as the issue of technology integration (see here). In turn, rising risk, complexity and Internet exposure are prompting wealthy families and family offices to pay more attention to their insurance coverage, industry executives have warned.

However, a recent white paper by Archway Technology Partners and TrustedFamily said many family offices do not have the necessary IT security measures in place to protect sensitive information – the ramifications of which are clear. The firms highlight that, according to Symantec's Internet Security Threat 2014 report, 552,000,000 identities were exposed to data breaches last year. 

Below is a summary of ten steps Archway Technology Partners and TrustedAdvisor believe family offices should take to safeguard data and minimize Internet security threats.

1.    Hire a trustworthy IT administrator;

2.    Map out data traffic and identify elements to secure: the paper notes that IT administrators need to understand where data is stored; where data moves to and from; and where data moves across the network.

3.    Set up a secure wireless network and limit access: family offices can take different approaches to secure Wi-Fi networks, such as blocking peer-to-peer networking;

4.    Encrypt devices: two strategies include disk encryption and file encryption;

5.    Secure data in transit with virtual private networks (VPN) and secure sockets layer (SSL): the former requires a separate log-in but encrypt the online session, making it the best way of enabling remote access for employees; an SSL is a protocol for web browsing that secures online communication between two machines or from web browser to server (but doesn't require a log-in);

6.    Make it easy for employees to participate: the white paper recommends offering company mobile devices, but to emphasized the important of storing data on the network, not the device itself;

7.    Establish best practices, spanning, for example, data storage, turning devices off when not in use, and thoroughly managing email, passwords and social media;

8.    Plan for accidents or breaches: the paper recommends involving the entire team in preventative discussions, assigning roles, for instance, so that each employee knows what to do in an emergency;

9.    Create a clear process for granting and removing access to company information: designate a "gatekeeper" so that someone on the team is accountable for granting and removing access to information, and;

10.  Develop an employee handbook.

“Security is not just about technology,” the paper says. “It is about the relationship family offices nurture.”

It added: “By encouraging employees to contribute ideas, share knowledge and highlight potential issues, family office management can set the precedent and execute a plan. Developing technical talent in-house and connecting with reliable outside technology partners helps the organization stay up-to-date. Internet crime continues to grow daily, but awareness is family office’s best defensive.”