Multi-Family Office Cybersecurity Considerations

Articles
May 26, 2022

Multi-Family Offices (MFOs) should proactively consider new cyber security compliance laws and regulations, both here and in foreign jurisdictions, that have been enacted or soon will be. The California Consumer Privacy Act (CCPA), the New York Department of Financial Services Cybersecurity Regulation, and the European Union’s General Data Protection Regulation (GDPR) are some examples of recent changes in the cyber security regulatory environment. MFOs need to understand how these changes will impact their operations—a failure to address the issues potentially created by these regulations could negatively impact their businesses and the cyber security health of their clientele.  For example, MFOs that are public companies might be subject to new Securities and Exchange Commission (SEC) guidelines currently under review. The SEC has recently requested comment on a proposed new rule (17 CFR 229, 232, 239, 240, and 249) to “enhance and standardize” risk management, strategy, and governance around cyber disclosures. This rule is a deliberate and well-considered next step intended to inform investors about a company’s efforts to manage cyber risk, establish a strategy that protects its interests, and establish governance around providing timely notification of “material cybersecurity incidents.” It also highlights and underscores the need to have cybersecurity expertise on a company’s Board of Directors.Considering their clientele—and their hyper-mobile, hyper-connected lifestyles—MFOs should already have well-documented and transparent cyber security practices in place, specifically with regard to risk management, incident response, and governance. MFOs frequently outsource or virtualize many of their services to improve efficiency and cut costs. Because an MFO relies on maintaining its reputation and the trust of its clientele, its leadership cannot abdicate its responsibility to maintain strong cyber security—a thorough review of the virtualized service provider’s security protocols is critical. The last thing an MFO wants is to suffer a breach of personally identifiable information (PII) because of poor security provided by the third-party service, exposing the MFO to any litigation that might follow.In this developing cybersecurity and governance environment, MFOs should:

  • Consider the immediate addition of a cyber security expert to their Board of Directors;
  • Have a third-party organization conduct a holistic security assessment, including cyber security, to inform and author a Cyber Security Risk Management Strategy;
  • Begin or continue providing cyber security education and training to all of their personnel;
  • Review their existing cyber incident response plan, including disclosure procedures;
  • Review their current cyber insurance policies and make themselves aware of  any exclusions; and
  • Hire a company to assist in filling any existing gaps in talent, technology, or policies & procedures.

Red Five has provided risk management services to family offices, executives, and enterprises for the past 18 years. We remain the “go-to company” for our clients’ unique needs, bespoke projects, and subscription-based privacy and security services.

Subscribe for Cutting-Edge Security Insights!

Get the latest news, expert insights, and exclusive updates right in your inbox.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Technical Surveillance Countermeasures Live Monitoring: Who Needs It and Why?

Technical Surveillance Countermeasures (TSCM) is one of those highly sophisticated tools within the security practitioner’s toolbox. For most, it is that “odd-sized” tool that you would find toward the bottom of the box, just below the tools you use all the time.
March 30, 2021

Emergency Preparedness Audit – Why Your Business Needs One

This blog educated on the reason to have an emergency preparedness audit. There is no time like the present to prepare for the unknown.
September 21, 2021

Recent Attacks on Substations and Emergency Preparedness

Over the past several weeks multiple disruptive attacks on critical electrical infrastructure such as the substations connected to the US power grid have reemerged in headlines. On November 30, 2022 the Department of Homeland Security described the vulnerable infrastructure as possible targets for groups or individuals seeking to exploit soft targets, cause significant financial losses, or disrupt society.
January 31, 2023

Let's discuss your security.

Partner with Red5 for unmatched intelligence and analysis expertise tailored to your needs.