Today, few organizations are immune to cyberattacks. Family offices and small businesses are no exception.
Increasingly, small organizations are being targeted with the same phishing, malware and ransomware attacks that each year cost bigger businesses trillions of dollars in losses.1 It’s therefore essential for them to develop robust cybersecurity controls and have a well-thought-out recovery plan in place—hopefully before a cyber breach occurs.
Cybersecurity for a family office client that was managing investments, real estate properties and day-to-day finances for several generations of one family primarily depended on weekly backups of data and systems—plus incremental backups every night. The office team believed this two-pronged strategy would allow them to recover data from many different points in time if a problem ever arose.
Unfortunately, a ransomware attack quickly revealed the flaws in this approach: All of the office’s day-to-day systems as well as its backups were stored on the same network.
Hackers were able to gain control of all of the office’s systems and information, and demanded a ransom of $500,000. Initially, the family declined to pay the ransom, hoping to find a workaround. But after a 10-day shutdown of the office, they paid the ransom to restore their systems.
J.P. Morgan’s cybersecurity specialists can help you develop, test and execute resiliency plans in the event of a cyberattack. Here are some of their recommendations to help you get started:
J.P. Morgan is committed to providing safe, resilient services to our clients and partners within an ever-evolving threat landscape. To learn more about protecting your business and yourself from cybercriminals, please contact your J.P. Morgan team.
This information is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided in this document is intended to help clients protect themselves from cyber fraud. It does not provide a comprehensive listing of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization is responsible for determining how to best protect itself against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs.