Here is the first video foray for the “Wealth Actually” podcast (a bit by accident! We had to switch formats midstream . . . so I decided to experiment with the video format).

I interviewed Christopher Ott on #Cybersecurity for the Ultra High Net Worth, High Net Worth and Family Office space. We talk about how one should view their own digital risks, how to protect yourself, and what to do when you have been compromised. We kept it to 40 minutes and probably could have discussed issues for more than three hours.

Chris is a partner at Rothwell Figg, the litigation firm based in Washington, D.C.

Successfully

Prior

In these roles, he investigated and charged the largest known computer hacking and securities fraud scheme and the hack of Yahoo by Russian intelligence operatives, the largest data breach in history,

Cybersecurity- the main concerns are around the ability to control access and use of information. Everybody has at least three types of information

This is data that will help predict what you are going to do. This is especially useful for hackers and other criminals as they figure out how to access your data.

This is data that regulates the access to a client’s information.

This can include: Passwords (and the need for two factor control, Phones (with automatic password access that can be migrated), and “Deep Fake” video and voice that can trick the gatekeepers into relinquishing access

This can include social, political, or economic influence.

Criminals

Spies

Hybrid hackers

-Russian Type

-Chinese Type

More data

More control

Much more influence

·         Direct socio-political

·         Indirect socio-political

§  Control

·         Analog passwords

·         Never take shortcuts

·         Device security

§  Two

§  What

§  How

§  Who

§  BEC

§  Sim

§  Deep fake audio and video

Understand What You Have and What Your Risks Are

Have Advisors In Place

Don’t Panic- Assess the Situation

Implement Action Plan

Establish an action plan in case of a breach or other compromise.

Emphasize personal relationships with all business transactions. Make sure that you have personal relationships with your advisors and transactors so that there is layer of common sense behind communications.

Audit what you and your family put out in the world of social media both from a cybersecurity AND from a PERSONAL security standpoint. Consider having a policy- even if informal- to prevent predators having access to physical information.

Use multi-factor authentication procedure to confirm and verify instructions (ESPECIALLY for wire transfers or money transactions).

Encrypt emails that include private information such as bank details, credit card numbers, Social Security numbers, etc. 

Back up all data off-site on a regular basis.

Regularly change passwords and use different passwords for platforms so that one breach doesn’t turn into a cascading data breach on other systems.

Perform regular cyber audits to make sure confidential information is secure and that accessible information to the public is properly scrutinized.

Avoid clicking on links and being suspicious of attachments. Run drills to make sure employees have well-ingrained good habits.

Don’t conduct personal business using work email.

This may seem obvious, but don’t store sensitive company information on personal devices or share it on social media.

Avoid public Wi-Fi connections for work purposes.

Run “fire drills” to test the effectiveness of your response plan in the event of a cyber attack.

Review the state of your Cyber-insurance in case something goes wrong.