It’s almost a truism of the modern world that it’s a matter of when, not if, a person’s or business’s information will be hacked or stolen. It seems that miscreants are bound to find a way into every online service and database, sooner or later.
Such attacks can be particularly damaging for high-net-worth individuals simply because they have a lot to lose. They are often targeted because of that fact.
Despite the apparent inevitability of such attacks, high-net-worth individuals can take steps to lower the risks. At the very least, these precautions can minimize the damage should a breach occur.
High-net-worth people can be vulnerable to social engineering, or the exploitation of human relationships and trust, because they are likely to employ assistants and other intermediaries.
Attackers can fool these intermediaries by impersonating their employer, often through a spoofed or hacked e-mail account.
“You don’t have to go after a high-net-worth individual; you can go after one of their assistants or their stockbroker or their money manager,” says Robert Capps, vice-president of business development at Vancouver-based NuData Security Inc.
The best foil for these kinds of attempts is the same sort of two-factor authentication that many online services use when signing up users, such as requiring both an e-mail address and a phone number.
Similarly, when receiving an unusual or important request via e-mail, the receiver should always follow up with the sender in a different manner – say, with a phone call – before responding. Odd-sounding e-mails should never be answered via e-mail.
“You have to create a culture of challenging unusual transactions from new suppliers or new account details or purchases that are completely out of the norm for that business entity,” says Dennis Parker, vice-president of business banking at Toronto-Dominion Bank.
Those with lots of money or assets are often well known, or even celebrities. One of the downsides to that notoriety is that social engineering attacks are easier to pull off.
“It may be possible for attackers to find out lots and lots about them and then use that to craft very clever … attacks,” says David Masson, Canada country manager for the cyberdefence firm Darktrace, based in Britain.
One remedy is to scrub the internet of unnecessary personal details that may be floating about – and the regular internet itself won’t do. The dark web, or the seedy layer that exists just underneath the commercial internet, needs to be reviewed as well.
That’s where cybersecurity professionals come in. “You probably want to hire someone who knows what they’re doing,” Mr. Masson adds. “Don’t think of this as an IT problem, think of it as a security problem.”
Freeze your credit
If last year’s Equifax breach provided any lesson, it might be that having an open credit record is a risky proposition.
Few people ever consider this aspect of their overall financial health, but it’s a good idea to freeze a credit account if it’s sitting there gathering virtual dust.
“If you’re not actively out getting credit, there’s no reason to have an open credit file to be queried and potentially to open credit against it,” Mr. Capps says.
NuData also recommends the monitoring and freezing of children’s credit records, which are often overlooked. The company is seeing these accounts increasingly used to commit fraud.
“Any monitoring or potential locks that can be placed on those children’s records before they become adults will go a long way from having to clean up from fraud that has occurred before,” he says.
Minimize travel data
Wealthy people are often frequent travellers, which invites its own set of problems. Just as it’s smart to scrub the internet of unnecessary personal details, so too is it wise to avoid broadcasting movements online through social media accounts.
“Those people who are targeting you, you’re giving them targeting information,” Mr. Masson says. “You’re making their job easy.”
Similarly, frequent travellers should make a point of carrying laptops and smartphones specifically geared to crossing borders, with as little personal or business information on them as possible. “Do I have to take the crown jewels of the family business with me? If you don’t, don’t take it,” Mr. Masson adds. “Where you travel to may not have the same laws as we do in Canada.”
It’s vital for high-net-worth people to keep a constant eye on their financials, or hire a trusted assistant to do so.
“I don’t know how a business manages itself if it doesn’t know what’s going through its account every single day,” Mr. Parker says. “How can you be confident that you haven’t suffered a fraud event if you’re not monitoring your accounts?”
Make backup plans
So you’ve had your information stolen. Now what?
In a lot of cases, victims don’t know the answer to that question. In the case of high-net-worth individuals who may be in charge of a large business, additional questions will likely follow, such as: Do you have a backup copy of your data? Do you call the police or the RCMP? Do you disclose the breach publicly or try to keep it quiet?
With the growing prevalence of attacks, coming up with a contingency plan – and testing it – is essential. “If you don’t plan for it, you may find that someone else will disclose it and it may not be on your terms,” Mr. Masson says.
Cybersecurity insurance for data breaches is also smart, not just because it covers losses, but also because policies usually require holders to follow best practices, which can serve as a precautionary checklist.