Security breaches are a very real threat to the ultrawealthy. Marcus Baram reports on two such recent cases and what experts believe is the best way to safeguard investments. Still, if someone becomes a victim to such an attack, we’ve identified the steps to take immediately after a breach.
Real estate and family enterprises undoubtedly go hand in hand. This week we bring to you the stories behind the most famous buildings in New York City, courtesy of our sibling publication Crain's New York Business. Read on to learn more about the likes of the Macklowes, the Goldmans, the Roses and many more.
As always, we appreciate any comments, ideas and insights that would make this newsletter more useful. I look forward to growing this family office community with your help. Please email me at [email protected].
HANDPICKED: Essential steps for protection in the aftermath of recent data breaches
By MARCUS BARAM
Family offices have recently been caught up in at least two major data breaches — involving Corewell Health, a major health care provider in Michigan, and the Real Estate Wealth Network — potentially exposing some of their most private information to hackers and criminals. Since the breaches involve a third party, family offices are left with few options except to harden their cybersecurity procedures and keep an eye out for suspicious activity, security experts say.
At the end of last year, cybersecurity breaches at both a health management platform and a software company contracted by Corewell affected in total more than 2 million residents of Michigan. The data revealed included name, address, date of birth, medical information such as diagnosis and mental/physical condition, prescription information, as well as insurance and billing information.
And of late December, it was revealed that 1.5 billion records containing information on property owners, sellers, investors and internal logging data were leaked in a data breach of the Real Estate Wealth Network. Among those affected were a slew of wealth investors such as Elon Musk and celebrities such as Kylie Jenner and Dave Chappelle.
Family offices affected by the Corewell breach have reached out to security experts to assess the extent of the damage, sources tell Crain Currency. The average cost of a data breach is nearly $4 million globally and individual family offices are at risk of losing up to $500,000 in ransom.
Yet not many family offices are prepared to manage such cyber risks — less than half (44%) of them have specialist cybersecurity controls.
Not that there’s much to do in the case of a third-party breach such as that involving Corewell, said Mykolas Rambus, the CEO and co-founder of Hush, an AI cybersecurity and privacy company. “At this point, the medical records are out there,” he noted, adding that “the issue is to be prepared for what’s next.”
Leaks of health records can be particularly risky for wealthy families because they involve such sensitive information — such as a cancer diagnosis or a terminated pregnancy — and can be used for extortion. “These groups will then take that information and combine that with other things they’ll find and then try to extort the family,” Rambus said. “There are lots of reasons why someone would rather pay $50,000 than have a medical diagnosis of their child’s condition in the public domain.”
Other potential risks include fraud, said Chris Pierson, the CEO of BlackCloak, a cybersecurity company. Pierson gave the hypothetical of Larry, the head of a family office in the Detroit area, whose records on a recent thyroid problem are leaked to a cybercriminal in a data breach of a hospital.
“They could reach out to Larry at [email protected] and tell him: ‘Your payment to the hospital for the thyroid thing did not go through. We’ve tried contacting you 10 times. Your collection amount is now up to $22,000. Remit payment now.’ And so now you’re able to perpetrate scams because you have the relevant information.”
Unlike other types of data, where family offices can exercise some control over what vendors they use, medical records present a challenge because even wealthy people depend on health care services and providers in their area, and it’s difficult to assess their vulnerability to a cyberattack, Pierson said. Even for a family office that has a concierge physician, the clinic they’re associated with will likely have fewer controls than a large hospital system.
Here’s what you can do if you’re the victim of a data breach:
- Put a credit freeze on your account so that nobody can use your name or information to commit identity theft.
- Make sure your information is off data websites and monitor the dark web so that it’s harder for cybercriminals to track you down.
- Protect all your personal devices, and make sure that your social media accounts are not public.
- Put a PIN on your IRS account so that no one can file tax returns in your name.
As for a family office’s own data, the most effective ways to minimize the costs of data breaches are through cybersecurity operations and employee training, investments in security artificial intelligence and the establishment of robust incident response protocols, said Alex Ivanov, the CEO of FundCount, an accounting and investment analysis firm that works with family offices.
“By investing in cybersecurity measures, family offices can mitigate risks and avoid costly breaches,” said CPA Richard Freiberg of Briarcliff Manor, New York. “But this won’t succeed without also conducting vulnerability tests, implementing protective measures and continuously monitoring the organization’s security framework.”
Basically, it comes down to controlling what you can and taking away from the threat actor what you can out there in the public or on public databases, Rambus said. “The less chance they have of being successful, then they have more incentive to look somewhere else and move on.”
Relative power: The real estate families who run New York
In New York, real estate runs in the family.
At a level that appears unmatched in the rest of the country and perhaps also overseas, huge swaths of the landscape in the city are under the control of a web of fathers and daughters, grandpas and grandsons, second cousins and ex-wives.
Mirroring New York’s rise as a destination for immigrants and a hub of an easy-debt lending culture, family real estate dynasties have surged in stature and influence since the early 20th century after starting out in some cases with a single storefront.
But don’t expect these dynasties — whose portfolios include office towers in the Financial District, supertall luxury condos on Billionaires Row and modest retail offerings in the Bronx — to always call attention to their reach, which often includes an outsize role in politics.
That they cash your rent check is sometimes the only way to know they’re there.
“The people who run the big banks and financial institutions are well-known and visible, which leads people to mistakenly believe that’s where all the power in New York lies,” said Owen Gutfreund, an urban planning professor at Hunter College who also once worked on Wall Street.
“But the power is really in the hands of the big real estate families who fly under the radar.”
In order to create some transparency, Crain’s has profiled 14 of New York’s most prominent and newsworthy real estate families, chronicling their ascent, dealmaking and stumbles along the way. Read the full report here.
From hotel kid to president — how Jabara furthers family legacy: Justin Jabara took over the reins of his family business, Meyer Jabara Hotels, just as the pandemic hit, forcing him to quickly pivot the company so it would survive throughout the COVID-19 lockdown and the following years.
Watch these trends in philanthropy: For its eighth annual 11 Trends in Philanthropy report, the Dorothy A. Johnson Center for Philanthropy highlights the topics and issues facing nonprofits, foundations and communities in the next year and beyond.
Ella Chase: What she’s reading, watching and listening to: In this column, we ask these three simple questions to industry heavyweights.
Help us with a story: We’re working on a story about the intricacies of a virtual family office. If you have any comments on the topic, reach out to [email protected].