The accelerating digital transformation of the global economy has made it easier to conduct business from almost anywhere, but there are downsides to the added efficiency and convenience. The quick shift to online transactions has led to increased cyber threats and security breaches, particularly for those who aren't prepared.
"Many businesses are consuming technology faster than they can protect it," says Adam Evans, senior vice president and chief information security officer (CISO) at RBC.
The pandemic has heightened the risk over the past three years, Evans adds, with many people handling sensitive customer information while working from home.
Businesses are battling what Evans calls the growing "economy of crime," which includes everything from well-established phishing and malware operations to ransomware franchises. Data breaches have become a huge and growing problem for companies of all sizes and across sectors.
Small- and medium-sized enterprises (SMEs) are a key threat to supply chains, partner networks and ecosystems, according to the World Economic Forum Centre for Cybersecurity.
Cyber security and the family office
The risk is also real for family offices managing billions in assets and dealing with huge volumes of private client information.
The North American Family Office Report 2022
"The more technology a company brings on board, the more it will be targeted," Evans says, adding that smaller firms with fewer resources are often more vulnerable.
"The crux of the problem is: they're not sure where to start."
Evans says businesses can protect themselves by taking the right steps and adopting the proper security frameworks—everything from multi-factor authentication and mandatory employee training to thinking through potential risk scenarios and identifying key stakeholders to manage them. The report shows 68 percent of family offices have a cybersecurity plan, but more than half feel it could be better.
To improve their level of cyber security, Evans says, family offices can begin by identifying which areas of the business are in most need of protection—for example, the client database and intellectual property.
"You need to sit down and think about what you need to protect—and then start building a plan to protect it," he says.
Evans also recommends bringing in cybersecurity experts to help ensure all bases are covered.
"There may be blind spots that family offices are not aware of," he says.
With phishing and malware, for example, the protection may include patching holes in the virtual network and running security software to ensure everything is safeguarded. Businesses also need to know if there are other internal and external systems they're connected to that may not have adequate safeguards in place.
"These steps all help with your cyber hygiene and create more barriers for threat actors who want to compromise your family business systems," Evans says.
Businesses also should have a crisis management plan in case there is a breach.
"You don't want to think about your plan in a time of crisis," he says.
A crisis management plan typically includes contact information for outside organizations equipped to deal with a cyber breach.
"Have you got a retainer with a company to come in and help you through your crisis? Do you know who in law enforcement you would need to call?" he adds, noting that it's imperative to act quickly if there's a breach or suspected breach.
"You need to think of it not as if it's going to happen, but when," Evans says.
Five tips to achieve cyber resilience
As part of the survey results, RBC provided tips for business owners to develop their cybersecurity mitigation and crisis management plans. They include:
1. Prioritizing measures such as multi-factor authentication, mandatory cybersecurity training for employees and limited authorization for those who install software.
2. Thinking through risks and creating a prioritized list of possible cyber events unique to the organization.
3. Compiling a list of key stakeholders—leadership, technical and non-technical persons—and their relevant contact information, for use in the event that notifications and/or their services are needed.
4. Outlining an engagement procedure to guide the organization's response to a cyber attack, detailing how events will be handled and communicated.
5. Creating a communications template specifying details on how and when to address impacted parties should a cybersecurity incident occur.
Family offices and SMEs, in general, can find more information on adequately preparing and protecting their organization against cybersecurity incidents at this link