Managing the risk of business email compromise and other cyberattacks through proactive family office cybersecurity assessment.
Overview
RSM’s client, a founder of a successful technology company, currently has a family office and a small staff of household employees. Over the years, the client has become more active in private equity and serves as a general partner of his own private equity fund. The client recently was targeted in an unsuccessful business email compromise scheme related to a fraudulent capital call request regarding one of his private equity investments. Fortunately, the client’s bank stopped the payment due to the suspicious account number. However, the client still had cybersecurity concerns, specifically ones surrounding his internal control environment. At the recommendation of the client’s wealth manager, the client requested RSM to scope a proactive family office cybersecurity assessment to help mitigate the risk of similar attacks in the future.
Project
Working collaboratively with the client and wealth advisor, RSM helped to identify and prioritize areas of concern and develop a customized family office cybersecurity assessment. That collaboration facilitated interviews with the client, key family members and family office team members to identify and understand important topics. Those topics included but were not limited to:
- How were payments received and executed?
- How were emails received and responded to?
- How were funds received, and who were they received from?
- How were technologies such as computers and mobile devices used, and what is the potential for those technologies being compromised?
- How did the client, family members and family office team communicate with each other and other key entities, such as third-party providers?
- Who were the client’s key third-party providers, and what services did they provide?
In addition, the client’s technology environment was evaluated, and other potential vulnerabilities were identified and discussed with the client and family office team.
An executive workshop seminar with the client and the client’s family office manager was set up to analyze their processes and the technologies they used to support the family office and the client’s personal life.
During this interactive workshop, RSM showcased for the client methods that bad actors use to target and attack corporate and personal systems. RSM also facilitated hands-on sessions with the client, demonstrating methods to reduce susceptibility to social engineering, business email compromise and ransomware attacks.
Outcome
RSM identified gaps in the client’s professional and personal cybersecurity practices that placed the client at risk. Following the interactive executive workshop seminar, RSM provided a summarized report with recommendations in the areas of encryption, endpoint protection, vendor management, network security, user account and password protection, device management, and internet and social media usage to help strengthen the client’s cyber controls.
Key benefits for the client included
- Education and awareness about current family office trends related to cyberattacks.
- Identification of tools and process enhancements with which a family office could improve its cybersecurity.
- Post-engagement support for implementation of recommendations as needed, and advisory around recommendations.