By: Joseph Jedziniak, AIF®
Cybercrime has been on the rise for years, but a variety of factors have resulted in recent spikes in cybercriminal activity. The pandemic is one of these factors.
COVID-19 has accelerated the digitization of many industries by up to seven years, according to a report from McKinsey & Company. One result of this has been a 400% spike in cybercrimes since the start of the pandemic, according to the FBI.
High net worth Americans may be at especially high risk for cybercrime today due to such factors as their wealth, high name recognition and access to corporate resources. For example, 20% of family offices have knowingly experienced a cyberattack, according to the UBS Global Family Office Report.
Many executives are also now working remotely, some of them off of vulnerable, cloud-based home networks that aren’t designed for the sensitive work these executives are performing. These and other factors make enhanced cybersecurity critical for vulnerable individuals today.
Cyber Threats to High-Net-Worth Individuals
The most common forms of cyberattacks against high-net-worth individuals are phishing schemes, which account for 76% of such attacks, malware (33%) and social engineering (33%), notes the UBS Global Family Office Report. Wire transfer fraud is also common: Armed with stolen personal information, cyberthieves often target wealth managers and try to trick them into wiring clients’ funds to fake, untraceable accounts abroad.
To guard against this, Simon Quick is taking extra precautions before sending out any wire transfers on behalf of our clients. For example, if we receive a “one off” wire request through email, we will follow up with an outbound phone call or verify the identity using Two Factor Authentication. We appreciate your patience throughout this process as we remain vigilant in our efforts to protect your assets and your personal information.
New Forms of Identity Theft
Another common cyberthreat is identity theft. While this is one of the oldest forms of theft, it has been updated by fraudsters for our current times. For example, thieves use real estate websites like Zillow and Redfin to canvass upscale neighborhoods and steal mail that contains sensitive personal information.
Once they have stolen personal information, thieves either sell it for an immediate profit or hold onto it for a bigger payday later. Many of them are patient and don’t mind playing the “long game.” Other common ways cyberthieves steal sensitive personal information include:
- Opening fake credit monitoring accounts. Thieves open these accounts in victims’ names and then look for credit cards that aren’t being used. Then they have new cards issued and sent directly to them.
- Hacking into computers and cell phones. This usually happens when devices are logged into public wi-fi connections. Once they’ve hacked in, thieves are able to steal personal information as well as login IDs and passwords to financial institutions they can use to wipe out bank accounts.
- Leveraging information from massive data breaches. A number of major data breaches have occurred at large businesses over the past couple of years – ranging from Target and Home Depot to LinkedIn and Facebook. These breaches have exposed the sensitive personal information of millions of Americans to data thieves, including Social Security numbers, email addresses, passwords and account numbers.
Reputational threats and social engineering are two additional strategies criminals use to steal money from their victims. By stealing private information or photos stored digitally, thieves will attempt to extort victims by threatening to share their information publicly. Social engineering, meanwhile, uses publicly available information about you from sources like your company’s website or social media to fool you. They might pretend to be your colleague, delivery person, or supplier and contact you to try to trick you into making a fraudulent payment.
Protect Your Information and Assets
Here are 7 steps you can take to help protect your personal information and your assets from cyberthreats:
- Use two-factor authentication. This uses a password and a passcode sent through a different medium (like a text message to a cell phone) to authenticate identity, providing double the protection.
- Segment your home network. You can create different segments in your home network for family members and guests in your home, as well as for personal matters or business access. This can provide an additional layer of protection for your network and devices.
- Strengthen your home wi-fi security and avoid public wi-fi. Make sure your internet router is always locked — if it’s not, you’re giving hackers wide open access to every connected device in your home. While convenient, public wi-fi offered in coffee shops and hotel lobbies is notoriously unsecure, making it a favorite hot spot for hackers.
- Plan ahead for a cyberattack. Even if you take all the right precautions, you could still be victimized by a cyberattack. Think about possible scenarios and how you’ll respond to an attack ahead of time, so you’re prepared to move quickly if one occurs.
- Consider purchasing cyber insurance. A single cyberattack could cost you tens or even hundreds of thousands of dollars. A cyber insurance policy can help you recoup some of these costs. These policies are usually offered as endorsements to homeowner’s policies and may include reimbursements for direct financial losses as well as the cost of a privacy attorney and an IT forensics investigation.
- Password strength. There is often the debate of password complexity vs password length. The original school of thought was that a complex password was more secure such as P@s$word!1. However more recently, the argument for password length has taken the main stage. The National Institute of Standards and Technology (NIST) has offered guidance that longer passwords are more important than complex passwords due to longer passwords taking more time to crack such as Coffee1stadium35!.
- Password hygiene. Changing your password every so often will also help to keep your personal information secure. Most computer experts recommend changing your password every 90 days. Some will say that is too aggressive and others will say that is too passive. This all depends on your computer usage, however if you cannot remember the last time you changed your password then it is probably a good time to do so.
How Simon Quick Can Help
About Joseph Jedziniak, AIF®
Mr. Jedziniak joined Simon Quick in May of 2014 as a member of the Investments Team. He is responsible for daily trading activity, custodial relationship management, cybersecurity, and compliance. In 2017 he successfully completed the Center for Fiduciary Studies Program to earn the Accredited Investment Fiduciary (AIF®) designation. Mr. Jedziniak graduated from York College of Pennsylvania in the spring of 2012 with a B.S. in Finance and a minor in Economics. Learn more about Joe on LinkedIn.
Simon Quick Advisors, LLC (Simon Quick) is an SEC registered investment adviser with a principal place of business in Morristown, NJ. Simon Quick may only transact business in states in which it is registered, or qualifies for an exemption or exclusion from registration requirements. A copy of our written disclosure brochure discussing our advisory services and fees is available upon request. References to Simon Quick as being "registered" does not imply a certain level of education or expertise. No information provided shall constitute, or be construed as, an offer to sell or a solicitation of an offer to acquire any security, investment product or service, nor shall any such security, product or service be offered or sold in any jurisdiction where such an offer or solicitation is prohibited by law or registration. Additionally, no information provided in this report is intended to constitute legal, tax, accounting, securities, or investment advice nor an opinion regarding the appropriateness of any investment, nor a solicitation of any type. Past performance may not be indicative of future results. Different types of investments involve varying degrees of risk. It should not be assumed that future performance of any specific investment or investment strategy will be profitable, equal any corresponding indicated performance level(s), be suitable for your portfolio or individual situation, or prove successful.