Here is the first video foray for the "Wealth Actually" podcast (a bit by accident! We had to switch formats midstream . . . so I decided to experiment with the video format).

I interviewed Christopher Ott on #Cybersecurity for the Ultra High Net Worth, High Net Worth and Family Office space. We talk about how one should view their own digital risks, how to protect yourself, and what to do when you have been compromised. We kept it to 40 minutes and probably could have discussed issues for more than three hours.

Chris is a partner at Rothwell Figg, the litigation firm based in Washington, D.C.

Successfully
litigating complex data security matters, conducting hundreds of
investigations, and winning dozens of appeals,

Prior
to entering private practice, Mr. Ott held various influential positions at DOJ
including Supervisory Cyber Counsel to the National Security Division of the
DOJ,

In these roles, he investigated and charged the largest known computer hacking and securities fraud scheme and the hack of Yahoo by Russian intelligence operatives, the largest data breach in history,

https://youtu.be/XzYwkjA1qiA

BASICS  

Cybersecurity- the main concerns are around the ability to control access and use of information. Everybody has at least three types of information

PREDICTIVE DATA

This is data that will help predict what you are going to do. This is especially useful for hackers and other criminals as they figure out how to access your data.

CONTROLLING DATA

This is data that regulates the access to a client's information.

This can include: Passwords (and the need for two factor control, Phones (with automatic password access that can be migrated), and "Deep Fake" video and voice that can trick the gatekeepers into relinquishing access

INFLUENCE

This can include social, political, or economic influence.

THREE TYPES OF ADVERSARIES

Criminals

Spies

Hybrid hackers

-Russian Type

-Chinese Type

SPECIAL CONCERNS FOR HNW INDIVIDUALS

More data

More control

Much more influence

·         Direct socio-political

·         Indirect socio-political

WHAT IS IMPORTANT?

§  Control

·         Analog passwords

·         Never take shortcuts

·         Device security

§  Two
Factor

INFORMATIONAL AUDITS (DATA MAPPING)

§  What
do I have?

§  How
do I control it?

§  Who
else has access to it?

CONVENIENCE VS. SECURITY

§  BEC

§  Sim
Jacking

§  Deep fake audio and video

WHAT TO DO WHEN YOU HAVE BEEN COMPROMISED

Understand What You Have and What Your Risks Are

Have Advisors In Place

Don't Panic- Assess the Situation

Implement Action Plan

Some Quick Ideas to Protect Yourself and Your Business . . .

Establish an action plan in case of a breach or other compromise.

Emphasize personal relationships with all business transactions. Make sure that you have personal relationships with your advisors and transactors so that there is layer of common sense behind communications.

Audit what you and your family put out in the world of social media both from a cybersecurity AND from a PERSONAL security standpoint. Consider having a policy- even if informal- to prevent predators having access to physical information.

Use multi-factor authentication procedure to confirm and verify instructions (ESPECIALLY for wire transfers or money transactions).

Encrypt emails that include private information such as bank details, credit card numbers, Social Security numbers, etc. 

Back up all data off-site on a regular basis.

Regularly change passwords and use different passwords for platforms so that one breach doesn't turn into a cascading data breach on other systems.

Perform regular cyber audits to make sure confidential information is secure and that accessible information to the public is properly scrutinized.

Avoid clicking on links and being suspicious of attachments...