Whilst some industries are struggling to keep their business afloat, others are flourishing during the COVID-19 pandemic. Businesses are shifting their strategies in order to keep existing and to keep making a profit. Investment companies, family offices, wealth management firms, and trust companies will also be hit.
As more and more people work remotely or have the ability to work from home, security protocols could potentially weaken. According to the Financial Times, the risk of cyberattacks could surge. The COVID-19 pandemic that still surrounds us, in particular, could be an easy stepping stone for cybercriminals to attack.
Cybersecurity, computer security, information security, web security, and information technology security are all different names for the protection of your internet-connected data, hardware, and software from damage or theft. For convenience, we will now refer to data, hardware, and software as data.
In 2018, Francois Botha wrote an article for Forbes stating that family offices need to invest in cybersecurity. The article explains that 92% of all malware is still delivered by e-mail, mostly in the form of targeted phishing attacks that try to trick recipients into downloading an attachment or clicking a link. Ransomware is also gaining popularity among cybercriminals: by encrypting your files and demanding bitcoin payments to restore them, cybercriminals are becoming richer than ever. Social platforms, such as LinkedIn, Facebook, Instagram, and Twitter, have become a new way to extract information from people, which can then be used to threaten or devastate certain people’s safety and security.
Citibank has also dedicated a white paper to cybersecurity (2017). Many family offices have the “wealth commensurate with small and medium enterprises, but typically don’t put in place the same levels of security, making them lucrative targets for hackers”. Citibank states that family offices face complex cybersecurity challenges because of six differentiating factors:
Ransomware, Business Email Compromise, and Threats on Social Networking Sites
Francois Botha and Citibank state that (1) ransomware, (2) business email compromise, and (3) threats on social networking sites are viewed as important cybersecurity threats.
Ransomware denies victims access to critical data and systems, as mentioned before. But what can you do? Check the email address: if it has weird capitalization, for instance, be more careful (for example: @hotmAIl.com instead of @hotmail.com). Avoid clicking on links, but if you need to, hover your cursor over the link to inspect the URL first. Be wary of attachments and do not conduct any personal business with your work email address.
Businesses globally continue to be impacted by a longstanding scheme that exploits executive email accounts and email-based invoicing procedures to execute fraudulent wire payments to foreign banks. But what can you do? Avoid using publicly available email accounts for business purposes. Closely examine email addresses and domain names. Determine if the number of individuals in your organization who have the authority to approve or conduct wire transfers can be reduced. Additionally, create a set of procedures for verifying urgent or confidential wire transfers. Closely monitor high-value transactions, new trading partners, new bank or account numbers, and transfers to any new countries. Once thresholds are established, implement maker/checker requirements to ensure anomalies are not overlooked in processing wire transfer orders.
Lastly, Citibank identifies a few practices to counter threats from social networking sites. Train employees to identify social engineering attacks and malicious posts, and on how and what to post publicly. Be vigilant of connection requests from users, even those with established connections to family or friends within your network. Regularly check for external accounts imitating the company or people within the company, and monitor for malicious links posted to pages or in direct messages.
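The monitoring criteria and the maker/checker requirement described above can be expressed as a simple screening rule. The following is an added example, not taken from Citibank or from the original article; the threshold, partner list, names, and account numbers are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed reference data: every value here is an assumption for illustration.
HIGH_VALUE_THRESHOLD = 50_000                      # set per organisation
KNOWN_PARTNERS = {"Acme Custody Ltd": {"NL00EXAMPLE0001"}}  # partner -> known accounts
KNOWN_COUNTRIES = {"NL", "GB"}

@dataclass
class WireOrder:
    beneficiary: str
    account: str
    country: str
    amount: float
    maker: str                     # who entered the order
    checker: Optional[str] = None  # who approved it, if anyone

def anomalies(order):
    """Return the monitoring criteria from the text that this order trips."""
    reasons = []
    if order.amount >= HIGH_VALUE_THRESHOLD:
        reasons.append("high value")
    accounts = KNOWN_PARTNERS.get(order.beneficiary)
    if accounts is None:
        reasons.append("new trading partner")
    elif order.account not in accounts:
        reasons.append("new bank or account number")
    if order.country not in KNOWN_COUNTRIES:
        reasons.append("new country")
    return reasons

def decide(order):
    """Release clean orders; flagged ones need a checker who is not the maker."""
    reasons = anomalies(order)
    independent = bool(order.checker) and order.checker.casefold() != order.maker.casefold()
    action = "release" if not reasons or independent else "hold"
    return action, reasons

SAMPLE_ORDERS = [  # constructed
    WireOrder("Acme Custody Ltd", "NL00EXAMPLE0001", "NL", 12_000, "anna"),
    WireOrder("Acme Custody Ltd", "GB00EXAMPLE9999", "GB", 12_000, "anna"),
    WireOrder("Acme Custody Ltd", "GB00EXAMPLE9999", "GB", 12_000, "anna", "Anna"),
    WireOrder("Unknown Trading Co", "HK00EXAMPLE0002", "HK", 80_000, "anna", "ben"),
]

if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        print(o.beneficiary, o.account, *decide(o))
```

The second and third sample orders model a changed bank account on a known partner: both are held, the third because the maker approved their own order.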
Check6's Senior Software Developer Takes The Lead
We asked our senior software developer Mark de Haas for his view on the security of data whilst people are working mainly from home.
“Working from home definitely introduces additional risks. Somebody’s home network won’t have the same safety measures as the company network (for instance no firewall) and it’s shared with all the non-work devices of the family. This is especially an issue if they don’t use a VPN.”
In addition, Mark explains that the lack of a company VPN would also mean that any remote resources that have an IP whitelist would need to have those whitelists (greatly) expanded in order to include everybody’s home IP address. Next to that, if people don’t have a company laptop and use their personal laptop or desktop PC, it will have less monitoring, for instance for malware; this is similar to the risk of BYOD (bring your own device). Lastly:
“Because people will be communicating more by email and will send each other links to share documents it could provide some additional opportunities for phishing attacks”.
Tips from Mark
As data security at home is and will be of great importance, Mark provided three tips to optimize it at home:
- Use a VPN to reduce the risk of your less secure home network.
- Do not use your work laptop for private purposes and do not use your private laptop/desktop to work from home.
- If you receive an email from someone who wants to share a file with you, or a similar link, contact that person to verify that they are indeed the sender.