Protecting your assets is a central part of any wealth management strategy. While most of us may plan for the usual threats, taking precautions such as installing home-security systems and working with trusted advisers, not all of us are vigilant about the possibility of cyber crime.
Cyber crime in the UK is estimated at £27 billion per year. There were some 1.23 million instances of "computer misuses" in the 12 months ending July 2018, according to the Office for National Statistics. And, according to the Cyber Security Breaches Survey 2018, two out of five businesses experienced a cyber attack in 2017.
In a 2017 Campden Research study, 38 percent of ultra-high-net worth (UHNW) families, family offices and family businesses internationally, with an average wealth of US$1.1 billion (£830.4 million), reported they didn't have a cyber security plan in place.
If you fall into that category, you could potentially be more vulnerable to an attack by savvy cyber thieves.
"Hackers that target high-net-worth individuals (HNWIs) have done their homework," says Stacy Bertrand, manager of information security strategy and metrics at City National Bank, an RBC company. "They know they have money and that they have something to steal."
But it's not just financial resources that make these families more vulnerable to a cyber attack. It's also often their public status and lifestyle choices that may make them more susceptible.
Lifestyle cues used for social engineering attacks
Social engineering involves the use of public records and social media to mine your information. Hackers can gain clues about wealth, property ownership and investments by analysing public records, such as the Land Registry and Companies House, and gain further detailed insight by scanning through details that individuals chose to share on social media.
As cyber criminals expect a higher pay-off when attacking high-net-worth individuals, they invest greater resources in attacks. “We are seeing the use of increasingly sophisticated techniques and tools comparable to those used by intelligence agencies and in corporate espionage," says Mohammed Marikar, Director of Intelligence & Automation at RBC in London. “The personal information gained is then used to mount further attacks against the victim, close friends and family, and members of their financial team. While failing to install security updates on your smartphone makes you more vulnerable, extracting information through plain old telephone impersonation is still very common."
Setting ground rules for social media use with your family members can be an effective way to combat the social engineering threat. For instance, you may wish to restrict the types of photos or location information shared through social media, or insist family members use privacy settings to restrict visibility to family & friends, or require new followers to be approved. “But don't let your privacy settings lull you into a false sense of security," says Marikar. “Your information is only as secure as your least-secure contact.'
There are indications UK citizens aren't taking the threat seriously enough. According to the 2018 government report “A Call to Action: The Cyber Aware Perception Report", a large section of the public and small business community underestimate the risk of cyber crime and don't feel there's much they can do about it. As as a result of this, millions are leaving themselves vulnerable to cyber attack.
Public status adds risk
In general, says Bertrand, high-net-worth individuals (HNWIs) are more searchable online. Someone who owns a company, holds a C-suite position, frequently makes large donations to charity or is a public figure has a highly-visible online presence, making it easier for cyber thieves to profile them as potential victims.
"Hackers are able to perform sophisticated spear-phishing attacks with the information they receive from searching the internet," says Bertrand. Spear-phishing involves the use of fake emails which lure you into clicking a link, downloading a file or sharing sensitive personal or financial information that can be easily exploited.
Phishing emails can be used to infect computers with malware and to guard against this type of risk, it's always best to take the "better safe than sorry" approach and pick up the phone to verify the email is actually coming from the person you believe it is.
Lack of centralisation can make cyberattacks easier
Having a broad network of people who aid in managing your wealth can also be a boon for hackers.
"Typically, clients we work with have a financial team," says Bertrand. "Because more people are potentially involved managing various aspects of your financial plan, hackers have more wiggle room to build convincing stories that do not need to be verified."
Bertrand offers two tips for protecting yourself when you have a larger team, or widespread assets.
First, "high-net-worth individuals need to develop a 'trust but verify' process," she explains. "This means that people or companies who work with these individuals need to know what they're allowed to approve and what they need to call and verify." In the best-case scenario, employees should verify all emails and phone calls with you prior to transferring money.
The second tip is to understand where your assets are held. You don't necessarily need to aggregate all your assets in one place but you should have visibility and transparency with regard to where your accounts are located and what's in them.
High-net-worth households have the means to pay
The use of ransomware—a software program which blocks access to systems or data until a ransom is paid—also poses a threat to HNWIs and, while businesses are often the target, individuals and family offices aren't immune.
Because HNW households have the resources to pay the ransom, cyber thieves are betting many of these individuals would prefer to pay up rather than dealing with a locked computer.
Preventing ransomware begins with protecting your personal and financial details and ensuring basic security practices are followed down the line by employees and any other individuals who have access to your information.
Luxury locations are a target for wireless spoofing
When you're traveling, you may find yourself using public and open wireless networks or hotspots to get online. But these networks are particularly unsecured, even when they require a password. Hackers are taking advantage of this fact and targeting luxury hotels and airport lounges where they know HNWIs will be using their laptops and phones.
Never log in to password-protected websites that contain sensitive data, such as your bank accounts, social media channels or email, when using public Wi-Fi. If you need to use a Wi-Fi hotspot, consider using a virtual private network (VPN) to secure your connection.
Recognising and understanding the various ways in which you may be a target of cyber fraud is an important step in protecting your assets. With this knowledge you can have a conversation with the professionals who are managing your assets to ensure they're properly equipped to identify and handle a cyber threat. You'll also be able to take your own precautions so you don't unknowingly make it easy for a cyber thief to target you.
This article originally appeared on CNB.com. City National Bank is an RBC company. This report is for general information and education only and was compiled from data and sources believed to be reliable. City National Bank does not warrant that it is accurate or complete, nor does City National Bank represent that the information provided, if followed, will provide a complete safeguard of your information. City National Bank maintains security procedures designed to help prevent unauthorized access to your accounts and your information.
This publication has been issued by Royal Bank of Canada on behalf of certain RBC ® companies that form part of the international network of RBC Wealth Management. You should carefully read any risk warnings or regulatory disclosures in this publication or in any other literature accompanying this publication or transmitted to you by Royal Bank of Canada, its affiliates or subsidiaries.
The information contained in this report has been compiled by Royal Bank of Canada and/or its affiliates from sources believed to be reliable, but no representation or warranty, express or implied is made to its accuracy, completeness or correctness. All opinions and estimates contained in this report are judgments as of the date of this report, are subject to change without notice and are provided in good faith but without legal responsibility. This report is not an offer to sell or a solicitation of an offer to buy any securities. Past performance is not a guide to future performance, future returns are not guaranteed, and a loss of original capital may occur. Every province in Canada, state in the U.S. and most countries throughout the world have their own laws regulating the types of securities and other investment products which may be offered to their residents, as well as the process for doing so. As a result, any securities discussed in this report may not be eligible for sale in some jurisdictions. This report is not, and under no circumstances should be construed as, a solicitation to act as a securities broker or dealer in any jurisdiction by any person or company that is not legally permitted to carry on the business of a securities broker or dealer in that jurisdiction. Nothing in this report constitutes legal, accounting or tax advice or individually tailored investment advice.
This material is prepared for general circulation to clients, including clients who are affiliates of Royal Bank of Canada, and does not have regard to the particular circumstances or needs of any specific person who may read it. The investments or services contained in this report may not be suitable for you and it is recommended that you consult an independent investment advisor if you are in doubt about the suitability of such investments or services. To the full extent permitted by law neither Royal Bank of Canada nor any of its affiliates, nor any other person, accepts any liability whatsoever for any direct or consequential loss arising from any use of this report or the information contained herein. No matter contained in this document may be reproduced or copied by any means without the prior consent of Royal Bank of Canada.
Clients of United Kingdom companies may be entitled to compensation from the UK Financial Services Compensation Scheme if any of these entities cannot meet its obligations. This depends on the type of business and the circumstances of the claim. Most types of investment business are covered for up to a total of £85,000. The Channel Island subsidiaries are not covered by the UK Financial Services Compensation Scheme; the offices of Royal Bank of Canada (Channel Islands) Limited in Guernsey and Jersey are covered by the respective compensation schemes in these jurisdictions for deposit taking business only.