Cyber Security & Family Offices: A Legacy to Protect

25 July 2018

Research undertaken by Schillings reveals that 28% of Family Offices have experienced a cyber attack in the past and that, of those, 77% had been subject to phishing campaigns. Family Offices must therefore begin the transition from ‘we’re not a target’ to ‘everybody is a target’ when it comes to their cyber security.

With Family Offices increasingly falling prey to cyber-criminals, the threat posed to a family’s privacy and reputation is understandably sparking a degree of fear and uncertainty. And yet, there are some very simple top tips that Family Offices can implement to begin countering the myriad of threats posed by a cyber-criminal.

1. Emails - as our research has shown, emails and associated phishing campaigns are one of the most common and successful attack vectors. The solution is not just technical, but importantly human too. Implementing some simple open source technical mitigations, along with training your employees to be aware of social engineering and the anatomy of a phishing email, will greatly reduce the risk of your systems being compromised. In addition to the establishment of your ‘Human Firewall’, for those using webmail, applying two-factor authentication settings for each account can greatly strengthen your cyber security.

2. Passwords - according to a 2017 study of 1,000 individuals by Keeper Security, 87% of people aged 18-30 and 81% of those aged 31 and up re-use passwords across different security logins. Most of these are ‘weak’ and can be reverse engineered. To strengthen your cyber security, consider introducing a password policy to discourage password reuse across corporate and personal services. Furthermore, teach users how to choose a strong password and prompt users to change their password regularly.

3. Personal Devices - for Family Offices that make use of employees’ personal technology as a way of doing business, this brings with it several challenges when it comes to cyber security. Implementing a Mobile Device Management solution will ensure that employees cannot exfiltrate private and confidential information related to the family. In turn, this allows Family Offices to exert greater control over access to corporate services and the ability to erase a device in the event of loss, theft and even a ‘bad leaver’.

4. Document Management System (DMS) - these systems are an integral part of managing the information security of a Family Office. They allow for password protected storage and sharing, access and version control as well as reducing the need for large files to be transmitted via email. This is especially important when sharing private and confidential information with third parties and suppliers.

5. Software Updates - as insignificant as they may seem, software updates are one of the most important components of a successful cyber security plan. Most software updates include security upgrades, based on the latest intelligence pertaining to the evolving tactics being deployed by cyber-criminals at any given time. Ensuring all employees and family members install the latest software updates on their technology can help significantly mitigate a cyber attack targeting a Family Office.

To quote Rod Christie-Miller, CEO and Partner at Schillings: “With only 34% of respondents (in our research) undertaking internal cyber security awareness training, and with phishing the most cited cause of cyber attacks, families need to invest further in their human firewalls, alongside their technical firewalls, while taking a greater interest in their publicly available data before someone else does.”

By following these relatively straightforward top tips, Family Offices can begin the process of implementing a comprehensive cyber security plan, a key tactic of a successful privacy and reputation strategy.

To request a complimentary copy of Private and Confidential - The Cyber Security Report, please contact
