Unique Approach to Fighting Cybercrime
High-net-worth families face unique cyber threats. Consequently, fighting back requires unique tactics. Sera-Brynn, a cybersecurity audit and advisory firm, estimates that 30 percent of its cyber service clients have been breached; many of them never knew it. Keeping your private life private is a common goal [for] most people,” states Rob Hegedus, CEO of Sera-Brynn. “Unfortunately, it is too easy in most cases to uncover a person’s status and position through even the most rudimentary online search.”
For HNW families that want to avoid cyber perils, Sera-Brynn advocates a three-step approach: Cybersecurity Compliance, Cyber Insurance and Incident Response. Families may not run like a business, but sometimes the technology that supports them should.
Compliance involves taking a proactive approach to choosing a cybersecurity framework with which to comply. There are industry standards (Payment Card Industry), U.S. government-issued standards (the Department of Commerce’s NIST) and international standards (ISO 27001). There is no single benchmark, but they generally all contain a directive to conduct a “vulnerability assessment.” This is an assessment (often by a third-party) to establish a baseline of “normal” for the computer users in a group. If you establish a baseline, then abnormalities like malware or poorly configured security settings are easier to detect. Cybersecurity companies have technology tools and the human-centric expertise to perform robust network and device scans to gather information. Clients shouldn’t abandon their antivirus programs but should consider improving it by having a trusted, third-party run annual vulnerability assessments.
Finally, have a plan in the event of a cyberattack. While the FBI is the leading agency combatting identity theft, it is also busy dealing with online predators, cybercriminals, overseas adversaries and terrorists. “So, if your plan is to call the FBI and wait,” states Heather Engel, Executive Vice President of Sera-Brynn, “this is not enough. You need a better incident response plan.”
Keeping your smart home smart
These devices comprise what’s known as the Internet of Things (the term used to describe the vast network of things that can connect to the internet). Unfortunately, it’s still the early days of manufacturers incorporating security safeguards to IoT devices. And as the IoT network grows, so does the number of attacks.
In the recent past, as ownership of homes changed, locks would be changed and, hopefully, the garage door opener would be given to the new owner. That was the entirety of the technology transfer.
Now, there are passwords
Darek Dabbs, chief information officer of Sera-Brynn, advises new homeowners to reset all smart home devices back to factory new and re-configure them from scratch. “This is the easiest way to ensure no extra user accounts have been installed,” he states. “When devices are being reset, it is a great time to upgrade/update all of the software and firmware of any IoT device.”
Keeping your sanity in the world of cybercrime
Cybersecurity today requires a shift in mindset. Clients should take stock of their personal computing environments. Knowing what you have is critical to understanding the larger threat. Be vigilant; nothing in cybersecurity is static. The bad actors on the threat landscape are constantly evolving, so protections must too.
Align personal cybersecurity to your clients’ objectives
Are they networking multiple homes? Do they have minor children that use the internet? Do they use technology to make their house, yard, farm, ranch, car, boat or plane smarter and, as a result, hackable? Are all of the professionals, including yourself, who store your clients’ personal information on their systems compliant with cybersecurity industry standards? How are they protecting your client’s information?
Most importantly, have a plan in the event of a data breach or other cybercrime situation. This may be as simple as having some third-party resources available to assist with data recovery, crisis communications or serve as a law enforcement liaison.
Andrea Ayres and Colleen H. Johnson