Multi-Family Office Cybersecurity Considerations

Articles
Published:
May 26, 2022

Multi-Family Offices (MFOs) should proactively consider new cyber security compliance laws and regulations, both here and in foreign jurisdictions, that have been enacted or soon will be. The California Consumer Privacy Act (CCPA), the New York Department of Financial Services Cybersecurity Regulation, and the European Union’s General Data Protection Regulation (GDPR) are some examples of recent changes in the cyber security regulatory environment. MFOs need to understand how these changes will impact their operations—a failure to address the issues potentially created by these regulations could negatively impact their businesses and the cyber security health of their clientele.  For example, MFOs that are public companies might be subject to new Securities and Exchange Commission (SEC) guidelines currently under review. The SEC has recently requested comment on a proposed new rule (17 CFR 229, 232, 239, 240, and 249) to “enhance and standardize” risk management, strategy, and governance around cyber disclosures. This rule is a deliberate and well-considered next step intended to inform investors about a company’s efforts to manage cyber risk, establish a strategy that protects its interests, and establish governance around providing timely notification of “material cybersecurity incidents.” It also highlights and underscores the need to have cybersecurity expertise on a company’s Board of Directors.Considering their clientele—and their hyper-mobile, hyper-connected lifestyles—MFOs should already have well-documented and transparent cyber security practices in place, specifically with regard to risk management, incident response, and governance. MFOs frequently outsource or virtualize many of their services to improve efficiency and cut costs. Because an MFO relies on maintaining its reputation and the trust of its clientele, its leadership cannot abdicate its responsibility to maintain strong cyber security—a thorough review of the virtualized service provider’s security protocols is critical. The last thing an MFO wants is to suffer a breach of personally identifiable information (PII) because of poor security provided by the third-party service, exposing the MFO to any litigation that might follow.In this developing cybersecurity and governance environment, MFOs should:

  • Consider the immediate addition of a cyber security expert to their Board of Directors;
  • Have a third-party organization conduct a holistic security assessment, including cyber security, to inform and author a Cyber Security Risk Management Strategy;
  • Begin or continue providing cyber security education and training to all of their personnel;
  • Review their existing cyber incident response plan, including disclosure procedures;
  • Review their current cyber insurance policies and make themselves aware of  any exclusions; and
  • Hire a company to assist in filling any existing gaps in talent, technology, or policies & procedures.

Red Five has provided risk management services to family offices, executives, and enterprises for the past 18 years. We remain the “go-to company” for our clients’ unique needs, bespoke projects, and subscription-based privacy and security services.

Subscribe for Cutting-Edge Security Insights!

Get the latest news, expert insights, and exclusive updates right in your inbox.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related Posts

Corporate Security - Securing American Corporations Against Chinese Cyberattacks

Corporate security is a concern due to continued chinese cyberattacks. Learn how to get started with protecting your corporations.
August 23, 2022
online accounts

Establishing Digital Boundaries

In the ever-expanding, increasingly invasive world of technology and social media, how do you maintain your personal “space?” How do you draw boundaries on social media to replicate the boundaries you’ve established in your in-person life?
November 8, 2022
Training

Red Five to Host Protect Your Assets in Times of Uncertainty Webinar Series

Arlington VA, October 15, 2021 - PRNewswire - Today Red Five Security announced it will host a new webinar series, Protect Your Assets In Times Of Uncertainty, in response to the changing landscape of the COVID-19 pandemic.
October 19, 2021

Let's discuss your security.

Partner with Red5 for unmatched intelligence and analysis expertise tailored to your needs.