While 77 percent of Canadians believe they are knowledgeable on cyber security, only 16 percent could identify the majority of cyber terms correctly.
Protecting your assets is a central part of any wealth management strategy. While most of us may plan for the usual threats, taking precautions such as installing home-security systems and working with trusted advisors, not all of us are vigilant about the possibility of cybercrime.
In 2017, there were more than 27,000 cyber-related incidents reported to police and, according to the Canadian Chamber of Commerce, nearly half of small and medium-size businesses in the country have been the victim of a cyberattack, with cumulative costs to Canada's economy representing billions of dollars a year.
In a 2017 Campden Research study, 38 percent of ultra-high-net worth (UHNW) families, family offices and family businesses internationally, with an average wealth of US$1.1 billion, reported they didn't have a cyber security plan in place.
If you fall into that category, you could potentially be more vulnerable to an attack by savvy cyber thieves.
"Hackers that target high-net-worth individuals (HNWIs) have done their homework," says Stacy Bertrand, manager of information security strategy and metrics at City National Bank, an RBC company. "They know they have money and that they have something to steal."
But it's not just financial resources that make these families more vulnerable to a cyberattack. It's also often their public status and lifestyle choices that may make them more susceptible.
Lifestyle cues used for social engineering attacks
Social engineering involves the use of social media to mine your information. Hackers can gain clues about things like wealth status, property ownership and investments through private details that individuals choose to share publicly on social media.
“Cybercriminals are using increasingly sophisticated techniques to trick people into giving up personal or private information," says Adam Evans, vice president of cyber operations and chief information security officer at RBC in Toronto. "They then use that information to target new attacks against these victims. Social engineering tactics can be used in any sort of personal contact, including email, texting, web browsing or by telephone."
Setting ground rules for social media use with you family members can be an effective way to combat the social engineering threat. For instance, you may wish to restrict the types of photos or information shared through social media, or insist family members set their account visibility to private-only.
In the first major survey of Canadians' attitudes to cyber security and the financial industry, RBC partnered with Ipsos to survey more than 2,000 Canadians on their cyber knowledge to gain more insight into Canadians' concerns about cyber security and the steps they can take to protect themselves.
While 77 percent of Canadians believe they are knowledgeable on cyber security, only 16 percent could identify the majority of cyber terms correctly. Nearly two-thirds (61 percent) could not identify the term "phishing", which describes an email designed to trick the recipient into clicking a link or opening an attachment in an effort to steal information or install malicious software.
“As our world becomes increasingly connected through the internet of things, there are more reasons for Canadians to learn how to protect themselves and their data," says Laurie Pezzente, chief security officer & senior vice president of Global Cyber Security at RBC.
Public status adds risk
In general, says Bertrand, high-net-worth individuals (HNWIs) are more searchable online. Someone who owns a company, holds a C-suite position, frequently makes large donations to charity or is a public figure has a highly-visible online presence, making it easier for cyber thieves to profile them as potential victims.
"Hackers are able to perform sophisticated spear-phishing attacks with the information they receive from searching the internet," says Bertrand. Spear-phishing involves the use of fake emails which lure you into clicking a link, downloading a file or sharing sensitive personal or financial information that can be easily exploited.
Phishing emails can be used to infect computers with malware and to guard against this type of risk, it's always best to take the "better safe than sorry" approach and pick up the phone to verify the email is actually coming from the person you believe it is.
Lack of centralization can make cyber attacks easier
Having a broad network of people who aid in managing your wealth can also be a boon for hackers.
"Typically, clients we work with have a financial team," says Bertrand. "Because more people are potentially involved managing various aspects of your financial plan, hackers have more wiggle room to build convincing stories that do not need to be verified."
Bertrand offers two tips for protecting yourself when you have a larger team, or widespread assets.
First, "high-net-worth individuals need to develop a 'trust but verify' process," she explains. "This means that people or companies who work with these individuals need to know what they are allowed to approve and what they need to call and verify." In the best-case scenario, employees should verify all emails and phone calls with you prior to transferring money.
The second tip is to understand where your assets are held. You don't necessarily need to aggregate all your assets in one place but you should have visibility and transparency with regard to where your accounts are located and what's in them.
High-net-worth households have the means to pay
The use of ransomware — a software program which blocks access to systems or data until a ransom is paid — also poses a threat to HNWIs and, while businesses are often the target, individuals and family offices aren't immune.
Because HNW households have the resources to pay the ransom, cyber thieves are betting many of these individuals would prefer to pay up rather than dealing with a locked computer.
Preventing ransomware begins with protecting your personal and financial details and ensuring basic security practices are followed down the line by employees and any other individuals who have access to your information.
Luxury locations are a target for wireless spoofing
When you're traveling, you may find yourself using public and open wireless networks or hotspots to get online. But these networks are particularly unsecured, even when they require a password. Hackers are taking advantage of this fact and targeting luxury hotels and airport lounges where they know HNWIs will be using their laptops and phones.
Never log in to password-protected websites that contain sensitive data, such as your bank accounts, social media channels or email, when using public Wi-Fi. If you need to use a Wi-Fi hotspot, consider using a virtual private network (VPN) to secure your connection.
Recognizing and understanding the various ways in which you may be a target of cyber fraud is an important step in protecting your assets. With this knowledge you can have a conversation with the professionals who are managing your assets to ensure they're properly equipped to identify and handle a cyber threat. You'll also be able to take your own precautions so you don't unknowingly make it easy for a cyber thief to target you.