Three Tips for Staying Ahead of the Bad Guys – Security Awareness

Date: Aug 22 2018

Tony Gebely, Chief Technology and Integration Officer, Family Office Exchange

This summer we hosted our first FOX Family Security Workshop. According to attendees, security is currently one of their top concerns.

We brought together industry experts to discuss three key areas of security: personal, physical, and cyber. Each presenter flagged examples of security risks and how criminals continue to evolve and improve their techniques. Currently, cyber-crime alone is a trillion-dollar industry. As one attendee commented, “be prepared to be scared.” 

While there is much out there to be wary of -- the good news is that it’s not all doom and gloom. Being aware of the threats is the first step in preparing a robust risk management plan. The workshop provided ideas for developing security policies and best practices that can be the first step in protecting the safety of the family. Here are three key items to consider: 

1. Plan Ahead

Take the time to create a protection plan that touches on all aspects of security for the family. It’s important not to wait until a crisis happens to put a plan in place. A security process should be approached just like the process for evaluating business and investment risks. A thorough, objective, professional risk assessment will identify real and relevant risks based on each family’s mix of assets, lifestyle choices, and other factors such as public profile.  
Once there is a good understanding of risk, urgent items should be addressed, and mitigation strategies can be put into place for others. Always get buy-in from family members and review on a regular basis, especially as there are lifestyle changes such as children getting older, families growing, marriages, and divorces. One key part of the plan is to cultivate a list of security partners in case of an emergency. It’s easier to pick up the phone during a crisis if you have already developed relationships with your vendors.  

2. Use Your Best First Defense

When it comes to security, families and employees are the key to success. The best way to fight a security issue is to avoid it. Families and employees should be trained to be part of their own protection. Training in situational awareness and how to avoid threats can be extremely valuable.  
It’s also important to create a culture of security with employees. Go beyond annual security awareness training and focus on establishing an understanding with employees of how to manage security risks. Also, train household staff to participate in security – from the gardener to the nanny. They’re in a strong position to see things that other family members may not, and they should be trained to look for patterns and unusual activity and know that “if they see something, they should say something.” 

Common Security Scams
  • Phishing – emails aimed at luring recipients to click on an embedded link (which could trigger a malware installation) or surrendering confidential information such as passwords or credit card numbers. 
  • Spear-Phishing – attackers gather specific personal data and often impersonate friends or business associates (including mimicking their email addresses, a tactic called “spoofing”) in order to craft an especially realistic message. 
  • Vishing – telephone-based phishing scams to gain access to confidential information. 
  • Smishing – text-based phishing scams to gain access to confidential information. 
  • Social Engineering – manipulation to gain access to secure areas using psychological tactics either to avoid appearing as a security risk or to convince people not to enforce security procedures. 



3. Be Vigilant with Technology

As our homes and offices become cluttered with network-connected devices ranging from televisions to smoke alarms to smartwatches and refrigerators, the number of potential entry points for hackers proliferates. As a safeguard, keep a list of all network-connected devices and make sure to check periodically that each device is patched with the latest available firmware. 
Unsecured public Wi-Fi networks can be very handy – but also very dangerous if there’s a cyber-criminal on the network.  As a safeguard, use a Virtual Private Network (VPN) to access the web. A VPN acts as a protective, encrypted buffer between your device and the rest of the people using the network.  
To best mitigate damage from a future attack, consider encrypting and backing up your data, as well as instituting strong application- and device-level security. Encrypting your sensitive data means that even an attacker who gains access to the network will struggle to get their hands on the most valuable information. Backing up your data provides a strong defense against a ransom-based attack and means that your data is safe in case you lose control of a device.  
As for login and password management, there are several tips that can both help protect your accounts from an attack and limit the damage of a breached account.  

  • Be inconsistent - don’t reuse a login name or password. Password management programs such as 1Password, Dashlane and LastPass are a good way to generate complex passwords that are unique for each of your online accounts. As an alternative, use long sentences with slight variations, such as “I like summer because it’s hot and baseball.” Long passwords are much more difficult to crack than short ones, even when the short ones appear more complex.  
  • Whether you use a password manager or make your own, it’s crucial to change them regularly—and not to store them in an unencrypted document with obvious names such as “Passwords—2018.” 
  • Don’t telegraph your location on social media. For criminals, knowing you’re away on vacation alerts them to opportunities. There’s always the option to post the photos when you return (#latergram). For high-level cybercriminals, social media can be a gold-mine for social-engineering and spear-phishing attacks. Limit what you disclose and apply strong privacy filters to accounts. 

Ultimately, a security program that is strong enough to prove resilient against attacks must rely on established security best practices and the education of the families and employees. Breaches may continue to grow in volume and sophistication, however, it’s possible to safeguard the family.