Multi-Family Office Cybersecurity Considerations

Articles
Published:
May 26, 2022

Multi-Family Offices (MFOs) should proactively consider new cyber security compliance laws and regulations, both here and in foreign jurisdictions, that have been enacted or soon will be. The California Consumer Privacy Act (CCPA), the New York Department of Financial Services Cybersecurity Regulation, and the European Union’s General Data Protection Regulation (GDPR) are some examples of recent changes in the cyber security regulatory environment. MFOs need to understand how these changes will impact their operations—a failure to address the issues potentially created by these regulations could negatively impact their businesses and the cyber security health of their clientele.  For example, MFOs that are public companies might be subject to new Securities and Exchange Commission (SEC) guidelines currently under review. The SEC has recently requested comment on a proposed new rule (17 CFR 229, 232, 239, 240, and 249) to “enhance and standardize” risk management, strategy, and governance around cyber disclosures. This rule is a deliberate and well-considered next step intended to inform investors about a company’s efforts to manage cyber risk, establish a strategy that protects its interests, and establish governance around providing timely notification of “material cybersecurity incidents.” It also highlights and underscores the need to have cybersecurity expertise on a company’s Board of Directors.Considering their clientele—and their hyper-mobile, hyper-connected lifestyles—MFOs should already have well-documented and transparent cyber security practices in place, specifically with regard to risk management, incident response, and governance. MFOs frequently outsource or virtualize many of their services to improve efficiency and cut costs. Because an MFO relies on maintaining its reputation and the trust of its clientele, its leadership cannot abdicate its responsibility to maintain strong cyber security—a thorough review of the virtualized service provider’s security protocols is critical. The last thing an MFO wants is to suffer a breach of personally identifiable information (PII) because of poor security provided by the third-party service, exposing the MFO to any litigation that might follow.In this developing cybersecurity and governance environment, MFOs should:

  • Consider the immediate addition of a cyber security expert to their Board of Directors;
  • Have a third-party organization conduct a holistic security assessment, including cyber security, to inform and author a Cyber Security Risk Management Strategy;
  • Begin or continue providing cyber security education and training to all of their personnel;
  • Review their existing cyber incident response plan, including disclosure procedures;
  • Review their current cyber insurance policies and make themselves aware of  any exclusions; and
  • Hire a company to assist in filling any existing gaps in talent, technology, or policies & procedures.

Red Five has provided risk management services to family offices, executives, and enterprises for the past 18 years. We remain the “go-to company” for our clients’ unique needs, bespoke projects, and subscription-based privacy and security services.

Subscribe for Cutting-Edge Security Insights!

Get the latest news, expert insights, and exclusive updates right in your inbox.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Three Reasons You Should Delete Your Old Online Accounts

How much do your outdated and likely forgotten online accounts reveal about you? What kind of data do they store? Delete old accounts and remove your personal information from unwanted sites.
April 8, 2022
A group of men sit around outdoors with two jeeps that appear to be worked on.
Red Hands Helping

Fox Bravo Overland and Red Hands Helping honor heroes with wilderness therapy out west

Red Hands Helping, the charitable arm of Red Five Security, supported Fox Bravo Overland this summer in getting first responders and veterans into the wild for some nature therapy amongst peers.
November 9, 2023

3 Risks Your Corporate Insider Threat Program May be Overlooking

Corporate insider threats are increasing in both frequency and financial impact, according to industry studies, reinforcing the importance of a robust Insider Threat Program. Insiders pose a unique threat as they are given privileged access to the company’s assets and are trusted to use that access responsibly and ethically.
May 18, 2022

Let's discuss your security.

Partner with Red5 for unmatched intelligence and analysis expertise tailored to your needs.