Many family offices find themselves wondering if wealth management technology is now a permanent fixture in the family enterprise, since it allows for better informed investment decisions, provides greater visibility into performance, and streamlines processes. Despite all these important benefits, however, it’s only natural that family offices wonder if they are taking on additional data security risks when considering these new technologies. Indeed, they have reason to be on high alert, since many WealthTech vendors do not possess the infrastructure to combat or adapt to new technologies.
That said, it is possible to reap the benefits of well-designed platforms while avoiding extra risks. The key is finding platforms that have taken the highest precautions. As a technology company founded and staffed by former family office leaders and industry professionals, we well understand what is at stake. In our 12 years as a WealthTech vendor we’ve supported hundreds of family offices; none have experienced a financial data breach of any sort.
Here are the potential issues, and the solutions as we see them:
1\. Data Breaches
Ransomware, phishing schemes, malware, and theft identification rightly garner their share of industry attention. Criminals everywhere are leveraging seized data for nefarious purposes. Sometimes, exploitable data issues are the result of human error—devices left behind, files accidentally or incorrectly moved. In truth, the cause doesn’t matter when the result is highly sensitive information that is in the wrong hands, inaccessible, or gone.
THE SOLUTION: Shared servers are particularly vulnerable, providing hackers with multiple ways in. A platform that stores data in the cloud from segregated servers reserved solely for this purpose blocks such entry. Specifically, vendors who use Tier IV data centers will be those that uphold the most rigorous security standards with data encryption and multifactor authentication. Such safeguards make data storage in the cloud far safer than manual storage.
2\. Intra-office Confidentiality
Family offices depend on a coterie of staff members and advisors, from administrators and accountants to attorneys and portfolio managers. Despite these professionals needing access to some data to prepare their reports and perform their analyses, few of them need access to it all. The problem is, traditionally there has been no easy way to segment information. If, say, someone needs a breakdown of a family’s U.K. real estate holdings, they might well get to see all the family’s real estate holdings. Family offices who recognize the downside of oversharing often copy and paste relevant sections as a workaround, a messy fix that makes it too easy for data to find its way into the wrong file or to the wrong recipient.
THE SOLUTION: Aside from a handful of senior leaders, almost no one in a family office needs complete visibility of a family’s assets. Leading-edge WealthTech platforms offer more granular levels of accessibility, enabling employees to see only the data sets that pertain to their function. Some platforms even allow users to toggle off monetary amounts so advisors can grasp wealth structures without having to be privy to precise figures.
3\. Vendor Security
Of course, a family office would be remiss if it did not consider the vulnerabilities of their technology vendor itself. Many WealthTech platforms are careful to protect clients’ data from external eyes, yet are able to access that data themselves. Think of a bank representative who can effortlessly pull up a patron’s account. In such cases, family offices, particularly those serving high-profile clients, would be wise to worry about a rogue staffer with a flash drive. The Panama Papers leak—11.5 million files of the rich and powerful—was culled from the database of the Mossack Fonseca law firm.
THE SOLUTION: Operations can be automated, ensuring that data is sent from banks or portfolio managers directly to a secure platform. When that is not feasible, members of the family office can, of course, enter data onto the platform themselves. Assiduous vendors maintain a “blindness” to client data, keeping names, locations, documents, and figures invisible and configuring support services so access to that data is unnecessary. They should also use a double encryption system in which one level shields against outside actors and the other against the vendor itself; data, then, can only be unlocked with a time-sensitive token sent to the client’s smartphone. Documents are protected using digital encrypted vaults for centralized storage and secure accessibility to mitigate the security risks of scattered hard copies and e-mail attachments.
At Masttro, we understand the transformative power of SaaS tools to greatly improve operations, but only if they can ease peace of mind as well. The wealth management solution we have created compromises neither security nor usability, providing the most complete picture of wealth across asset classes while guarding that data with military-grade security. Our servers are in Switzerland, home to the world’s strictest data protection laws. We are proud that our 12-year success story has had no financial data breaches while safeguarding our clients’ data with our industry-leading security framework.
Essential Security Checklist:
Tier IV Data Centers
Cloud-based, segregated servers provide the best protection against data breaches
Granular Levels of Accessibility
Employees should only see the data sets that pertain to their function
Automated Operations with Double Encryption
Services and support should not require open access to client data
