EP.72 CYBERSECURITY for 2021 with CHRIS OTT

Here is the first video foray for the “Wealth Actually” podcast (a bit by accident! We had to switch formats midstream . . . so I decided to experiment with the video format).

I interviewed Christopher Ott on #Cybersecurity for the Ultra High Net Worth, High Net Worth and Family Office space. We talk about how one should view their own digital risks, how to protect yourself, and what to do when you have been compromised. We kept it to 40 minutes and probably could have discussed issues for more than three hours.

Chris is a partner at Rothwell Figg, the litigation firm based in Washington, D.C.

Successfully litigating complex data security matters, conducting hundreds of investigations, and winning dozens of appeals,

Prior to entering private practice, Mr. Ott held various influential positions at DOJ including Supervisory Cyber Counsel to the National Security Division of the DOJ,

In these roles, he investigated and charged the largest known computer hacking and securities fraud scheme and the hack of Yahoo by Russian intelligence operatives, the largest data breach in history,

BASICS  

Cybersecurity- the main concerns are around the ability to control access and use of information. Everybody has at least three types of information

PREDICTIVE DATA

This is data that will help predict what you are going to do. This is especially useful for hackers and other criminals as they figure out how to access your data.

CONTROLLING DATA

This is data that regulates the access to a client’s information.

This can include: Passwords (and the need for two factor control, Phones (with automatic password access that can be migrated), and “Deep Fake” video and voice that can trick the gatekeepers into relinquishing access

INFLUENCE

This can include social, political, or economic influence.

THREE TYPES OF ADVERSARIES

Criminals

Spies

Hybrid hackers

-Russian Type

-Chinese Type

SPECIAL CONCERNS FOR HNW INDIVIDUALS

More data

More control

Much more influence

·         Direct socio-political

·         Indirect socio-political

WHAT IS IMPORTANT?

§  Control

·         Analog passwords

·         Never take shortcuts

·         Device security

§  Two Factor

INFORMATIONAL AUDITS (DATA MAPPING)

§  What do I have?

§  How do I control it?

§  Who else has access to it?

CONVENIENCE VS. SECURITY

§  BEC

§  Sim Jacking

§  Deep fake audio and video

WHAT TO DO WHEN YOU HAVE BEEN COMPROMISED

Understand What You Have and What Your Risks Are

Have Advisors In Place

Don’t Panic- Assess the Situation

Implement Action Plan

Some Quick Ideas to Protect Yourself and Your Business . . .

Establish an action plan in case of a breach or other compromise.

Emphasize personal relationships with all business transactions. Make sure that you have personal relationships with your advisors and transactors so that there is layer of common sense behind communications.

Audit what you and your family put out in the world of social media both from a cybersecurity AND from a PERSONAL security standpoint. Consider having a policy- even if informal- to prevent predators having access to physical information.

Use multi-factor authentication procedure to confirm and verify instructions (ESPECIALLY for wire transfers or money transactions).

Encrypt emails that include private information such as bank details, credit card numbers, Social Security numbers, etc. 

Back up all data off-site on a regular basis.

Regularly change passwords and use different passwords for platforms so that one breach doesn’t turn into a cascading data breach on other systems.

Perform regular cyber audits to make sure confidential information is secure and that accessible information to the public is properly scrutinized.

Avoid clicking on links and being suspicious of attachments. Run drills to make sure employees have well-ingrained good habits.

Don’t conduct personal business using work email.

This may seem obvious, but don’t store sensitive company information on personal devices or share it on social media.

Avoid public Wi-Fi connections for work purposes.

Run “fire drills” to test the effectiveness of your response plan in the event of a cyber attack.

Review the state of your Cyber-insurance in case something goes wrong.

Frazer Rice © 2024. All rights reserved. Privacy Policy.

Opinions expressed herein are solely those of Frazer Rice, authorized guest-bloggers or comment-posters. No content on this site shall be construed as either investment or legal advice.