Podcast: Play in new window | Download | Embed
Subscribe: Apple Podcasts | Google Podcasts | Spotify | Android | Pandora | Stitcher | More
Here is the first video foray for the “Wealth Actually” podcast (a bit by accident! We had to switch formats midstream . . . so I decided to experiment with the video format).
I interviewedÂ Christopher OttÂ onÂ #CybersecurityÂ for theÂ Ultra High Net Worth, High Net WorthÂ andÂ Family OfficeÂ space. We talk about how one should view their own digital risks, how to protect yourself, and what to do when you have been compromised. We kept it to 40 minutes and probably could have discussed issues for more than three hours.
Chris is a partner at Rothwell Figg, the litigation firm based in Washington, D.C.
Successfully litigating complex data security matters, conducting hundreds of investigations, and winning dozens of appeals,
Prior to entering private practice, Mr. Ott held various influential positions at DOJ including Supervisory Cyber Counsel to the National Security Division of the DOJ,
In these roles, he investigated and charged the largest known computer hacking and securities fraud scheme and the hack of Yahoo by Russian intelligence operatives, the largest data breach in history,
Cybersecurity- the main concerns are around the ability to control access and use of information. Everybody has at least three types of information
This is data that will help predict what you are going to do. This is especially useful for hackers and other criminals as they figure out how to access your data.
This is data that regulates the access to a client’s information.
This can include: Passwords (and the need for two factor control, Phones (with automatic password access that can be migrated), and “Deep Fake” video and voice that can trick the gatekeepers into relinquishing access
This can include social,Â political, or economic influence.
THREE TYPES OF ADVERSARIES
SPECIAL CONCERNS FOR HNW INDIVIDUALS
Much more influence
Â· Direct socio-political
Â· Indirect socio-political
WHAT IS IMPORTANT?
Â· Analog passwords
Â· Never take shortcuts
Â· Device security
Â§ Two Factor
INFORMATIONAL AUDITS (DATA MAPPING)
Â§ What do I have?
Â§ How do I control it?
Â§ Who else has access to it?
CONVENIENCE VS. SECURITY
Â§ Sim Jacking
Â§Â Â Deep fake audio and video
WHAT TO DO WHEN YOU HAVE BEEN COMPROMISED
Understand What You Have and What Your Risks Are
Have Advisors In Place
Don’t Panic- Assess the Situation
Implement Action Plan
Some Quick Ideas to Protect Yourself and Your Business . . .
Establish an action plan in case of a breach or other compromise.
Emphasize personal relationships with all business transactions. Make sure that you have personal relationships with your advisors and transactors so that there is layer of common sense behind communications.
Audit what you and your family put out in the world of social media both from a cybersecurity AND from a PERSONAL security standpoint. Consider having a policy- even if informal- to prevent predators having access to physical information.
Use multi-factor authentication procedure to confirm and verify instructions (ESPECIALLY for wire transfers or money transactions).
Encrypt emails that include private information such as bank details, credit card numbers, Social Security numbers, etc.Â
Back up all data off-site on a regular basis.
Regularly change passwords and use different passwords for platforms so that one breach doesn’t turn into a cascading data breach on other systems.
Perform regular cyber audits to make sure confidential information is secure and that accessible information to the public is properly scrutinized.
Avoid clicking on links and being suspicious of attachments. Run drills to make sure employees have well-ingrained good habits.
Don’t conduct personal business using work email.
This may seem obvious, but don’t store sensitive company information on personal devices or share it on social media.
Avoid public Wi-Fi connections for work purposes.
Run “fire drills” to test the effectiveness of your response plan in the event of a cyber attack.
Review the state of your Cyber-insurance in case something goes wrong.