Picture this. You sit down at your desk early on a Monday morning the start of a busy week. As soon as you turn your laptop on, your stomach sinks at the sight of large ominous black screen with text that says your most sensitive files have been encrypted. You are instructed to send $1 million in Bitcoin, within the next 24 hours, to a random crypto wallet. If you don’t make the payment within a few days, the message says, you will lose access to all your personal files, and they will be transferred into the dark web.
Unfortunately, this isn’t a farfetched scenario… It’s a ransomware attack – the most popular and common form of malicious software (malware) attacks. As we spend more and more of our lives online, be it pandemic-induced or due to general technological advances and globalization, cyberattacks — which include ransomware, malware, and phishing attacks — have been on the rise. Scammers, hackers, and fraudsters are using increasingly creative tactics and seizing more and more opportunities to strike.
Let’s look at some, scary, cyber trends:
- In 2020, on average, every person on earth created 1.7MB of data each second. Staggering even compared to 5 years ago.1
- The average cost of a data breach in 2020 was an eyepopping $3.86M. In 2021, it was $4.24M.2
- 1/5 companies that suffered a malicious data breach was infiltrated due to a stolen or compromised credentials.
- 91% of attacks start through an email according to a leading email security firm – Mimecast.
- It takes an average of 287 days for security teams to identify a data breach.3
- In the United States, the annual number of data breaches increased from 662M in 2010 to more than 1,000M by 2021.4
With cyberattacks on the rise, it has become a top priority for many in the financial industry, including here at Northwood, to focus our attention on how to protect our clients and ourselves from such attacks. Here’s a look at some of the most common types of cybersecurity breaches, and what family offices can do to stay safe:
- Phishing/ Social Engineering
The attacker fools the target through impersonation. They pretend to be a family member, a close friend, or anyone with whom you might regularly interact with. Regardless of what impersonating role they take on; the motivation is to extract money or data. The successful attacks are methodical. Hackers take the time to learn details about the person whose identity they are impersonating, by closely following their online habits, emails, social media accounts, before they carry out the attack.
SMS Phishing Example: by clicking on a link that you receive via text, hackers can download your online information or banking details.
This type of attack involves someone convincing the target to install or download malicious software, which provides the hacker with access to the target’s personal or business information and networks. The purpose is to steal or destroy data. These are versatile attacks; hackers use various tactics and threats to gain access, such as viruses and trojans (a malicious digital pest that fools users of its true intent…) Malware penetrates networks when the target downloads or accesses malicious websites, spam emails, unsecured public Wi-Fi networks, or unsecured website links.
As described above, attackers can encrypt and deny a user (or organization) access to files on their computer and demand a ransom payment to restore it. The largest ransomware payment to date is believed to be $40M; an insurer had to make that payment to regain control of its systems.5
What can you do to protect yourself and your family?
- Password Management: the table below highlights the importance of having a long and strong password:
Pro Tip: remembering and managing your passwords can be a pain – using a password manager, which generates and stores unique, complex passwords can be a lifesaver. Here are some password manager platforms that help with that: Keeper, LastPass.
- Multifactor Authentication: For additional security, ensure that all online services that you use, utilize two-factor authentication. Receive a verification code to your phone (via SMS for example) or email, every time you log into your online bank account.
- Social Media: Set ground rules for social media use among your family members (e.g. restrict types of photos or location information that is shared). Social media accounts provide cyber criminals with valuable details and information. For example, if your hacker knows you’re away on vacation, it alerts them to opportunities. Delay posting the photos until when you’re back..#latergram.
- Wireless Networks: Only use private networks to connect online and don’t share your home wifi password liberally.
- Update Your Software: Regularly updating your software will help remove critical vulnerabilities that help hackers access your accounts. Turning on automatic system updates for your devices will help.
- Cyber Insurance: Unfortunately, breaches can happen. Cyber insurance can be purchased to cover you and your family for a range of scenarios (data hacks, stolen identity, infected hardware). This type of security can be an add-on to your existing policies.
- Engage a White Hat (or a white hat hacker): Not all hackers are bad hackers. White hats, or “ethical”, hackers are security professionals whose objective is to help improve your security. A cybersecurity expert can conduct vulnerability assessments, educate your family, and evaluate your current structure to be able to recommend encryption tools and best practice.
Our team at Northwood is continuously looking at implementing industry best practices to ensure that we have the most up-to-date and robust measures to prevent breaches from happening. Leveraging experts in the field is crucial as the threats and hackers become more sophisticated and risk management is constantly evolving. In this digital world it never hurts to be overly cautious and to take the best precautions.