Family business tips for improved cyber-security

Family business tips for improved cyber-security

This article was initially published in "The future for family offices."

Manager, Cyber Security practice

KPMG in the UK


Related content

Mobile in hand

Protection from cyber-attacks is crucial and yet, insists Paul Reilly, not always as complex or expensive as you might think.

Barely a day goes by without a cyber-attack or other incident hitting the mainstream press. Recently we have seen a number of high-profile cases with large companies such as TalkTalk and Sony Pictures. What is not reported with the same gusto is the impact of cyber-attacks, breaches or incidents on individuals or family offices but that doesn’t mean they aren’t happening.

Most attacks stem from organised criminals simply looking to make money, whether by siphoning through payment systems or by targeting decision-makers through ever more sophisticated spear-phishing emails. Many assume that they will know if they have been hacked – not so. A successful hack may sit undetected, with unrestricted access to systems and data, for months and in some cases years.

When considering cyber-security in the family office context, the focus is often on expensive and sophisticated technology solutions, but the margin of vulnerability is often greater when it comes to people and process. What are they releasing online, particularly on social media, and could the aggregation of that data create a fuller picture which may be used to target family members or their interests?

This came to light recently when a well-known businessman spent millions of dollars on physical security only to have his daughter post photos on social media which held metadata, including time and location details, providing a possible target pack to any nefarious individuals.

Cyber-security can be seen as too expensive and complicated, but this need not be the case: improving your security does not need to be focused on advanced, hi-tech solutions. It incorporates how you communicate with your advisers, employees and family members and it is how you make payments or confirm your travel plans.

  • Identify what is most valuable to you and the power that any personal or sensitive information could have if it fell into the wrong hands.
  • Assess your degree of exposure. Do not forget to include to include social media and the ‘internet of things’. Once you have highlighted your risks, the next stage is to look at ways to mediate these.
  • Ensure the fundamental security controls such as firewalls, anti-virus software, secure configurations, security logging and monitoring are all in place and updated.
  • Consider the email system you are using. Many family office employees simply use their personal email accounts for correspondence. Not only does this make it harder for you to manage security but also, as families have found out to their cost, should that employee leave they own and take away all the personal data, often including bank details and passport copies, which has been emailed to them over the years.
  • Make sure two-factor authentication is switched on where available. Combining a password with a verification code, this simple step could have helped to prevent the many naked celebrity photos hitting the internet in 2014.
  • Review your processes and who actually needs access to what information. If your bank always telephones to voice authorise payments, consider replicating this within the family office.
  • Do not forget that people are key players in the effectiveness of cyber-security. Agree social media ground-rules with staff and family members. It is impossible to be completely secure and safe from trying, however, and could be a good way to involve the next generation and make the most of their skills and knowledge.

By taking a positive and proactive approach to managing cyber-risk, you can get ahead of the risks and put yourself on a stronger footing to proceed with confidence.

Family business blog

We hope that by sharing our experiences and other peoples’ stories, we can help family businesses prosper, and reach their full potential.

Read more

Connect with us


Request for proposal



KPMG's new digital platform

KPMG's new digital platform