Digital Armor

CASE STUDY #213

A family office commissions a virtual CIO to build a shield against cyber compromise

FAMILY’S CHALLENGE

“One of the issues I’d like to have you guys address – really immediately, if you can,” the Director of a mid-sized family office remarked with emphasis, “is our cyber risk.” Over the next 20 minutes, as part of a routine weekly call with this internal family advisor, Paladin’s team helped the Director think through the best way to address his concerns. “Keep in mind,” said one of the Paladin principals, “that addressing your digital risk isn’t confined to your anti-virus package or your server-based protocols – or even thirty minutes of baseline cyber security training for you and your staff. To do this right, one time, we need to be strategic, comprehensive and thorough. We suggest undertaking a ‘find, fix and follow,’ or monitor if you will, approach that isn’t too complicated but has proven extremely valuable for other family office shops we have set up in a manner similar to yours.”

PALADIN’S SOLUTION

The client decided to elevate the significance of the mission and authorized Paladin to serve, in effect, as the office’s virtual Chief Information Security Officer (vCIO). Over the next few weeks, Paladin analyzed the office’s information technology program and architecture, including critical areas such as leadership, technology, support capabilities and the office staff’s understanding of technology risks. We briefed all office members at a detailed level about how to recognize, avoid and defend themselves against threats such as ransomware, social engineering, vishing, and smishing. We developed a comprehensive Information Security Management System (ISMS) program and guided the Director through the process of determining which of the identified risks should be mitigated and which could be deemed acceptable to the organization – as long as specific countermeasures were kept updated continuously over time.

VALUE TO THE FAMILY

This new ISMS program did its job. Over the first year, the office did not suffer a single attack with material damage. Regular audits of logs and other metrics confirmed that layered defenses were effectively stopping and mitigating attack attempts that, as at other offices, numbered in the thousands. “We feel very good about our current posture,” the Director said as he authorized a contract extension. “Now make sure you keep us safe for another year.”

 

The Project Manager’s Thoughts on this Engagement

“Family Office leaders are beginning to understand the risks, threats, and vulnerabilities that complicate their duty to protect the family's digital information and assets.

It's no longer about just protecting the technology ‘front door,’ but all doors, windows (no pun), attics and basements. 

Phones, tablets, computers – and even team members themselves – all represent some degree of risk and implementing a well-designed ISMS program should be mandatory for every family office.

Everywhere.”
