As cyber criminals become more sophisticated, senior executives, wealthy families and their family offices must be hyper vigilant. Wealthy families are targeted in a sophisticated, strategic way which provides attackers with a high chance of success. Targeting the weakest link, for example personal mobile devices or those of children or support staff, can provide easy access to sensitive personal content or confidential business information. So, what are the key threats and what can you do to protect yourself, your family and your business?
Common cybersecurity threats facing high value individuals
Financial loss
Most cyber attacks are financially motivated, and sophisticated cyber criminals have a range of tools and methods at their disposal. These include gaining access to financial credentials to make a fraudulent transaction, and spear-phishing emails designed to trick the victim into making a transaction to a fraudulent account themselves.
Reputational risk
Those with a high public or professional profile are attractive targets. A device compromise that gives a cyber criminal access to sensitive personal content or professional information can be used to extort the target. That content can range from personal photographs and messages to commercially sensitive communications. For anyone whose reputational standing is aligned to their commercial value, the risk of exposure and its potential impact are dangerously high.
Corporate espionage
Commercially valuable information, be that intellectual property, company financial data or strategic plans, is highly attractive to cyber criminals. High value litigation, large scale commercial transactions and proprietary data are a key focus. Gaining access to a personal device and then moving laterally onto a corporate network is a common attack chain, and victims will rarely know they have been compromised.
Cyber criminals will often target the weakest link. For example, the personal devices of high value individuals are easy pickings because, unlike corporate devices, they are rarely managed or protected by any proactive cyber security measures. Similarly, the children or close personal staff of a high value individual are easy targets: compromising their devices first, then moving laterally onto the principal target’s devices, is a common and highly effective approach.
How can high-value families stay safe online?
It is essential to be proactive, and a simple way to do so is to practice good cyber hygiene, including:
- Not using easily guessable passwords or reusing passwords
- Using a password manager
- Ensuring multifactor authentication and biometric authentication are enabled on all applications
- Ensuring that only those with a genuine need have access to your accounts and devices
- Patching vulnerabilities and ensuring operating systems and applications are up to date
For high value families and family offices there is an additional need for a level of proactive cyber security commensurate with the risks they face. Using a VPN is a sensible way of keeping data and activities private and secure. Because the traffic leaving your device is encrypted, an attacker who intercepts it will be unable to read the data packets’ contents. However, VPNs typically do not encrypt all traffic leaving the device – the only way to have confidence in this defence is through an Always On VPN (AoVPN).
Blocking malicious websites and attachments is another effective way of stopping a cyber attack. For example, a message with an attachment may seem harmless, but the attachment could contain malware that downloads to your device and grants an attacker access. Similarly, clicking a link that looks legitimate may take you to an impersonated website, resulting in you exposing vital data such as log-in credentials and passwords.
High value families should also be using a secure personal email service. Ensuring proactive measures are in place to secure against phishing attacks, malicious attachments and spoofing of your email address is a key way to protect your communications, identity and data against compromise.