Digital risk for African family businesses
In a world where all things are online and data-driven, families of wealth need to be particularly careful about the dangers of not having the right protections regarding their data. Cybercrime threatens not only the financial well-being of the family but also the personal safety and reputation of family members.
Moreso, families with wide name recognition are vulnerable to many angles but especially two. One where their wealth can be fraudulently stolen, and another where blackmail and the risk of bad publicity are looming from all corners. In 2017, a survey conducted by CSIS and McAfee stated that close to $600 billion are lost to cyber-crimes annually, which amounts to one percent of the global GDP.
Individuals, families, and major firms have experienced significant losses due to cyber-crimes. It’s imperative that families of wealth and those with family offices learn about the various ways that new threats occur and determine how well they can shield their information and systems.
Having an in-house IT specialist may be an overly cautious move, yet it is a necessary conversation. Data encryption and protection have never been more important and hackers on the dark web have never been more sophisticated. From cellphones to tablets, to personal computers and hard drives, sensitive materials are consistently being shared. No family or family enterprise can ignore the forward march of technology, which, if properly embraced, can be immensely positive, but if underestimated, can be commercially devastating; personally painful, and or harmful to a family’s reputation.
Outdated systems must be looked at in-depth and attended to consistently. Africa is a vast continent and the multi-jurisdictional business needs to know and understand the country they are entering from a digital standpoint and be able to expand whilst keeping this in mind.
The advent of COVID-19 and its hyper movement to the online and digital solutions has left many businesses hobbling along to catch up. An employee who clicks on a malicious file or responds to a request from a seemingly legitimate source may give hackers instant access to sensitive information which in turn is a grave risk management concern.
Outside of business, Multi-generational families with multiple locations are a huge challenge and present an opportunity for cybercriminal penetration and crime. Once a family reaches the third generation and beyond, family members are often spread out over various cities and countries. This means that the family must facilitate remote access and communication in a way that is fully secure and adaptable to the variable circumstances of family members. Hackers routinely use social engineering and email to great effect.
Technology risk comes in many forms, and the hardest to control and riskiest is social media. Social media needs to be managed carefully by every family. Social media is a great way to promote and grow social wealth, create awareness and enhance relationships with the communities, with which the family aligns. However, if it’s not executed correctly, social media usage can damage your reputation. Social media is the most immediate threat to your family or your company’s reputation. Because of the generation gap in most families, one generation may be online and another not. This causes one generation to be exposed unknowingly to a greater audience and at times without consent.
It is important to work with family members and employees of the family office to align. All players need to be educated on utilizing social media and how the sort of information posted can impact them as a collective. This critical task is the family office’s responsibility.
In recent years we have seen notable UHNWIs go viral on social media and are unable to control the breach. We have continued to see the next generation of UHNWIs showcase their lives in ways that have drawn questionable glances. Equally so, we have seen many use these platforms to engage and bring attention to work that the family investments or philanthropic endeavors are engaging in.
To bring this all into focus, here are some tools that can be used to mitigate and manage technology risk:
- Taking yearly inventories of everything connected to the internet. Ensuring that all devices have updated software, robust passwords, and virus protection. This includes obvious items like laptops, routers, and tablets. Also, check all smart devices such as printers and security cameras.
- Ensuring two- or three-factor authentication is in place for all sensitive sites. It may feel like a cumbersome task to always be getting passwords and authentication, but it’s less stressful than being robbed of your identity and accounts and at times, millions of dollars.
- To support the above, it’s also critical to have secure access points. If possible, replacement of routers every few years is advisable. The dangers of public Wi-Fi usage cannot be emphasized enough. As much as possible, refrain from using unknown networks or routers. It’s probably more advisable to carry your own and strengthen email protection especially if you use multiple networks to connect to the internet to check email.
- Make certain that you address the human factor. As the famous adage goes, Education is key. Be intentional and create cyber-security policies surrounding passwords, connected devices, social media, payment authorization, email, and so forth for both the family and critical staff in the business. Invest in training office staff and family members regarding security policies. Once again, it sounds tedious and like its obvious knowledge, however, it is not. To protect the family and the assets it should be known and accepted that access control measures are implemented to allow users only the access they need.
- Virus protection alone will not provide adequate defense from a cyberattack. Data leaks are accidental exposures of private data that could develop into data breaches. As the digital landscape expands, the data lifecycle spins faster, creating more instances of data-in-use, data-in-transit, and data-in-rest. Data security is difficult to maintain under such dynamic conditions, making data leakage unavoidable during digital transformation. Layered security is not a luxury. It is a must. Implementing a layered approach that combines attack prevention with detection and response gives any potential malicious activities challenges. Researching and employing available technology tools for encryption, backups, vulnerability testing, and monitoring is critical. Understanding the level of security and encryption that comes with any technology you obtain is also key.
- Understanding digital foot-printing. It is important to continuously monitor the security state of all exposed assets. Digital foot-printing is where there is a dedicated effort to monitor. There is a need to identify all assets exposed to potential unauthorized access, including all social media channels and third-party resources housing sensitive data. A digital footprint can be mapped with the assistance of an attack surface monitoring solution. Digital landscape insights gained through this empower the design and deployment of highly-effective remediation responses.
Risk management teams have traditionally operated in silos, focused on their own sliver of business risk. But the digital risk is a concern that must be addressed across the enterprise — from the security operations center to the boardroom; from frontline threat detectors to those making strategic decisions for the future.
While no firewall and security measures provide absolute assurance, most technology providers work very hard to remain secure and deploy the latest tools and techniques for managing security risks. Managing digital risk takes time, and it is not an easy task. Technology is here to stay, and it’s important to first understand what technology risk is and the types of risks the family is exposed to. Then they can implement strategies to manage them.
Tsitsi Mutendi is a co-founder of African Family Firms, an organization that aims to facilitate the continuity of African family businesses across generations. She is also the lead consultant at Nhaka Legacy Planning and the host of the Enterprising Families Podcast.