Oct. 9, 2023: Uncovering the cybersecurity challenges faced by family offices
Last week, I attended the Southeastern Family Office Forum in Atlanta. This private, invitation-only conference covered a myriad of interesting topics—but I couldn’t get this one out of my head: cybersecurity. Cyber threats for family offices are real, and they’re happening every day. The level of sophistication that cybercriminals are operating at is next-level, and if families bury their heads in the sand about it, they’re leaving themselves vulnerable to an attack. Nora Macaluso reports that 26% of family offices have already been targets, and they’re known as “low-hanging fruit” for attackers.
On a much lighter note, we also sent Alyssa Shelasky out to investigate the top New York City power spas for the ultra-high-net-worth set. We all need to unwind, and New York has always been known for its over-the-top luxury—and spas may be one of the best examples of that. We broke the list into spa types (pure luxury, beauty and wellness) so that our readers can pursue based on their preferences. Curious about which spas made our list? Be sure to read the article below.
As always, we appreciate any comments, ideas and insights that would make this newsletter more useful. I look forward to growing this family office community with your help. Please email me at [email protected].
HANDPICKED: Uncovering the cybersecurity challenges faced by family offices
By NORA MACALUSO
Cybercriminals are becoming more sophisticated in their tactics, and family offices are emerging as prime targets. Yet many offices aren’t taking some simple steps that could help plug security holes, cybersecurity experts say.
Some 26% of family offices have been targets of cyberattacks, with almost two-thirds of those coming in the past 12 months, according to a recent survey from Boston Private. Phishing and ransomware attacks are among the top threats, and many of those are aimed at the homes of family members or employees, experts said.
Family offices are “low-hanging fruit” for attackers, said Chris Pierson, founder and CEO of BlackCloak, a firm that provides digital executive-protection services.
With large sums of money under management, often-lax security measures, and personal and business information intermingled on family members’ devices and networks, a family office is a “target-rich environment,” Pierson said.
“Security’s kind of an afterthought” for many busy people, he said. All family members, kids included, are potential exposure points.
BlackCloak says 87% of executives’ personal devices have no security, and 39% of those devices contain malware. In addition, data brokers have access to the home IP addresses of 40% of executives, according to BlackCloak statistics.
The work-from-home trend has made home offices rich targets for phishing and ransomware attacks, security professionals said. Since home addresses are readily available online, it’s relatively easy for criminals to hack into devices on a home network and gain access to personal and business data from there, Pierson said.
“COVID changed everything,” said Steven Saltzstein, chief executive of Force Family Office, which provides a platform for family offices to connect with each other and with service providers. Every device and every family member is a potential access point, Saltzstein said.
“The bad guys — including nation-state intelligence agencies — realize it’s a lot easier to attack senior executives and board members at their home networks to gain access to the information they want,” so many don’t bother trying to get around corporate security systems, said Michael Janke, co-founder of DataTribe, an incubator that invests in cybersecurity companies such as BlackCloak.
Melvin Ejiogu, CEO of the security software company Veemost Technologies, said he’s concerned that overseas actors may step up their attacks on family offices as election season approaches, with the aim of using home devices as bots for election interference tactics such as denial-of-service attacks.
Artificial intelligence is making it easier for bad actors to hack passwords and accounts, Ejiogu said. “Everyone is using it, and hackers are using it, too,” he said. “AI can churn through data in microseconds” and “reengineer” attack plans if it finds a weak security system, he said.
BlackCloak’s Pierson said he sees family offices targeted every day. Phishing and other email-based schemes are the most common and fastest-growing ways that criminals attack these businesses, he said.
Not all cyberattacks are sophisticated. Cybercriminals still use landlines, calling a family member or executive and pretending to be a security expert working for the firm who needs remote access to a computer, Pierson said.
Too often, he said, the person answering the phone falls for the scam.
ESSENTIAL CYBERSECURITY MEASURES
Here are some steps that every family office should be taking:
- Cybersecurity concierge: Just about every family office has an IT department or person, but that’s not the same as cybersecurity, Saltzstein said. He recommends “a dedicated cybersecurity concierge” who can respond to threats and anticipate them.
- Crisis plan: Every family office needs a crisis plan spelling out how to respond to a potential attack, as well as a set of preventive measures and internal controls, according to the advisory firm PKF O’Connor Davies. That should include processes for verifying bank accounts, wire transfers and vendors; reconciling transactions between asset classes and custodians; confirming that transactions arrive on the other end; and detecting any problems or red flags, said Gemma Leddy, partner in charge of PKF O’Connor Davies's family office practice.
- Be on the lookout: Human error is responsible for most cybersecurity breaches, so it’s important to train family members and employees to look out for scammers, said Thomas DeMayo, who leads PKF O’Connor Davies’ cybersecurity and privacy advisory group. “The risk is not going to be from a firewall perspective,” DeMayo said. Criminals “are going to get in through the employees of the family office or potentially the family members themselves.”
- Simulations: Training might also involve hiring a specialist to simulate an attack that could help family offices identify and respond to real events, said Judy Pearson, who heads Woodruff Sawyer’s trustee liability and family office practice. “The trend is becoming more and more clear that while the number of attacks is increasing daily, the number of successful attacks is still predominantly from within the organization,” said Helen Johnson, chief technology officer of the technology consulting firm ComplySci. “It’s still about somebody accidentally opening the wrong email or a rogue employee being upset.”
- Backing up data: Data should also be backed up periodically so it doesn’t end up held hostage in a ransomware attack, Johnson said. “Device management is something everybody should consider, especially if you’re doing anything business-related on a device,” she said. “That goes for iPads, phones, laptops — anything that you can use that may store information.” While security experts continue to recommend multifactor authentication and password managers, “criminals are leveraging ‘info-stealer’ malware to bypass these defenses,” said Josh Amishav, founder and CEO of the data monitoring firm Breachsense.
- Security audits: “Leaked credentials have become the number-one initial attack vector for cybercriminals,” Amishav said. “It's critical for family offices to undergo regular security audits from external offensive security consultants to highlight gaps in their defenses.”
- Cyber insurance: Families needn’t go it alone. As cybercrime increases, cyber insurance is also on the rise. Insurers are starting to offer products that cover things like data restoration and business interruption, security experts said. These companies evaluate a firm’s cybersecurity practices before issuing a policy, and that evaluation in itself might provide some insight, said Johnson.
- Affordable security systems: A robust security system doesn’t have to be expensive, Ejiogu said, as there are now subscription and pay-as-you-go models that allow firms to pay only for what they need. “You don’t have to cough up millions of dollars,” he said. “You can pay per user and have access to some of the technology that the bigger companies use.” Likewise, security technology doesn’t slow performance or micromanage users, Johnson said. Software can recognize multiple devices, so there’s no need for users to type in access codes, she said. Email filters are another “simple line of defense,” she said.
Cybercrime can wreak havoc on a family business’s finances, philanthropic efforts and reputation, security professionals said. “I can’t stress how important reputational risk is,” Johnson said.
“You just need to get hacked once. You just need to lose a customer’s information or be held up for ransom once. When people lose trust in you, are they going to give you their business?”
The power spas of NYC
By ALYSSA SHELASKY
While New York is arguably the best city in the world, it is also one of the most stressful cities in the world. For ultra-successful New Yorkers, in particular, you’re spinning on all cylinders. All the time. 24/7. Work, social obligations, relationship management — it’s one big pressure cooker.
Fortunately, in this extraordinary (and extraordinarily intense) city, on every other corner, there is a spa for everyone, whether you’re looking to escape, unwind, detach, unplug, recharge or restore. The trick is understanding where the best ones are.
In the spirit of luxurious relaxation, here is our list of the top power spas in the city, tested by bona fide spa snobs and categorized by what they do best.
BEST SPA FOR PURE LUXURY | Aman Spa New York
This ultra-exclusive and fully-immersive sanctuary is a once-in-a-lifetime experience. The space is vast (25,000 square feet across three floors), primal and extremely private. There are three holistic clinical rooms, an assessment studio for personalized evaluations, a cryotherapy chamber studio, a yoga and pilates studio, a heated swimming pool, and two private spa houses featuring outdoor Jacuzzis and cold-plunge facilities. Moreover, the spa boasts seven lavish treatment rooms, including an LED and infrared therapy room, where guests can indulge in ultimate relaxation and rejuvenation. The staff is the best in the country, and while this level of pampering does not come cheap, it is undeniably worth the price tag.
BEST WELLNESS SPA | The Well
A day at The Well feels like a gift from the universe. It’s a soulful, holistic and hyper-healthy experience in the truest sense. The space is unimaginably soothing and sublime from the moment you walk in the door until you begrudgingly go home. Their Kitchen & Table cafe has a robust and delectable menu, where you can peacefully enjoy a matcha latte or a seasonal bowl before or after your treatment. And about the treatments? Their facials, massages and foot rubs are the highest-quality in the city.
BEST BEAUTY SPA | Julien Farel Restore Salon & Spa
This glamorous hair and beauty emporium is where you’ll find socialites and celebs getting all the beauty and spa services, but mostly getting a glimpse of the hair demi-god, Julien Farel, himself. Located inside the buzzy Loews Regency New York, the salon and spa maintains a 10,000-square-foot beauty destination for locals and tourists, offering the best haircuts, styling, aesthetics, massage, makeup and fitness all under one unimaginably attractive roof. Farel also has a second salon in Palm Beach’s tony Via Flagler, by The Breakers, on Royal Poinciana Way.
BEST ROMANTIC SPA | AIRE Ancient Baths
Housed in a former industrial factory in Tribeca, AIRE is a vibe: It’s steamy, spiritual and very special. And it’s even better if you bring a date. Because this bathhouse-plus-spa is a seriously sexy spot. Together, couples can move through the dark, moody plunge pools, both hot and freezing cold, and hypnotic saltwater rivers, and steam rooms, and exfoliating stations, and hammams. Afterward, they’re escorted toward the mystical massage dens where the intimate couples massages are a million times better than they need to be. Aire is an unforgettably unique experience for anyone looking to float away from reality and come back feeling like a new person, or a stronger couple.
BEST MED SPA | Ever/Body
You can’t have a spa conversation without mentioning the insatiable thirst for med spas in New York City. There are many excellent and reliable med spas around: the downtown girls’ SKINNEY Medspa and the uptown-darling Inside Beauty are both top-of-the-list. (Not to mention every influencer’s favorite injectable expert: Nurse Tara.)
But of all the hot spots, the “it” med spa of the moment is Ever/Body. Ever/Body is a Utopia for high-tech beauty services, and the scene there is refreshingly pleasant, low-key and light. Their staff is gentle and knowledgeable and clearly understands the difference between looking naturally beautiful and taking things too far. For a glow-up with a side of positive energy, check it out.
BEST FITNESS SPA | Life Time
For a healthy, full-body, full-sweat wellness experience, there is only one destination that has it all, and that is Life Time gym—particularly their epic location in Dumbo that has everyone saying “Wow!” The "it" gym is transfixing in itself, and the spa component is stellar. They offer the best in massages, facials, CBD treatments, red light therapy, and beauty services. You don't need to be a member of Life Time to enjoy the spa, but if you have an appointment, you do get to work out there all day if you desire and use their free childcare and elevated co-working spaces, too.
Affluent Americans cut back their charitable giving in 2022: The vast majority of wealthy U.S. households give generously to charitable organizations and causes — but that percentage dropped 3% from a pandemic-related surge in 2020.
Sotheby's announces 'most important pairing of wristwatches ever to come to auction': The auction house's Important Watches sales in Geneva on Nov. 5 will feature two masterpieces devised by legendary watchmakers George Daniels and Roger W Smith.
Oleg Cassini’s NYC townhouse listed for sale at $13.95 million: The Gramercy Park home is full of Gothic details, including wood-paneled walls, stained-glass windows and a massive great room with an arched ceiling.
Help us with a story: We’re working on a story about the top philanthropic trends for 2024. If you have any comments on the topic, reach out to [email protected].