Citi Private Bank

Browser Requirement

To best view Citi Private Bank's site and for a better overall experience, please update your browser to a newer version using the links below.


Family offices' fight against ransomware

By Edward Marshall, Director, Global Family Office Group

October 18, 2018Posted InFamily Office

The digitization of the world around us has created enormous economic and investment opportunities. Unfortunately, however, it has also given rise to significant new threats. Criminal attacks on information networks are multiplying in number and sophistication all the time. Such cybersecurity threats represent a major challenge for family offices, which serve some of the wealthiest families globally. 

Despite the substantial amounts of wealth that they manage, many family offices do not take cybersecurity seriously enough. Many family offices have the ‘wealth’ commensurate with small and medium enterprises, but typically do not put in place the same levels of security, making them lucrative targets for hackers. There is a misconception among some family office executives that large corporations and governments are much likelier victims of cyberattacks. However, wealth alone is not a predictor of vulnerability. Their informal governance structures, focus on efficient service over security, heavy reliance on small staff with outsized access, and fame and publicity raise the risk of family offices becoming targets for such online scams as ransomware.

Ransomware is malicious software that denies victims access to their critical data and systems. It is most often spread through phishing emails containing malicious attachments or ‘drive-by’ downloading, where victims visit an infected website and malware is downloaded and installed on their technology without their knowledge.  Subsequently, victims are prevented from accessing their own data or system until they pay the cybercriminal a ransom. It is a modern form of extortion focused on one’s digital assets.

Ransomware attacks have evolved and become increasingly sophisticated. Attackers have advanced from preying upon individual consumers to targeting businesses as well. Family offices may be targeted specifically because they have more resources to pay ransom to unlock their data than an individual victim, may be more willing to pay because the data is more valuable, may be subject to legal obligations or privacy concerns to protect their data, or may need to pay so they can perform critical operational functions.

Family offices should seek to prevent ransomware from ever reaching their systems by making employee awareness and training a priority. Employees who can identify and properly handle phishing emails containing ransomware can prevent many infections.

A number of steps can be taken to minimize ransomware risks, including checking email addresses for accuracy, avoid clicking links in emails, being wary of attachments from unrecognized or unexpected senders, and avoiding using work email accounts for personal correspondence.

Family offices can take several further security steps to minimize the risk that ransomware will be installed, including keeping all systems current with updates and security patches, disabling macros in Microsoft Office, and running antivirus software. It is important that staff plan and schedule to do these things, rather than treating them as ad hoc tasks which could easily be forgotten.

Finally, it is important to back up critical data regularly. Having a data backup and recovery plan helps renders the ransom attacker’s demands ineffectual. Family offices should keep copies of important files safe on an offline storage disk, or have a clean version of operating systems handy in case their machines become locked entirely.

Reaching out for professional and law enforcement assistance is critical in the event of a ransomware infection. Simply paying the ransom and resuming business may leave issues unresolved, such as possible continued attacker access to systems and any associated theft of sensitive data. Paying ransom has other pitfalls. There is never any guarantee that the attackers will actually release the data after payment. Paying may also increase the likelihood of the family office being targeted again.

Family offices should consider a three-part security plan focused on people, process, and technology to increase information security readiness. The first two (people and process) are the most effective places to start.

To find out more about what family offices can do to protect themselves against cybersecurity threats, read our white paper: Family offices and cybersecurity