Share |

Risk management: safety net

Family businesses face multiple threats to their privacy and security from the internet. Dedicated criminals can use the internet to find personal information to use for extortion, blackmail or identity fraud. Financial information can be intercepted by stray emails or lapsed data security.

"In the old days criminals used newspapers and magazines, but today they only use the internet as it is an enormous source of information," explains Hans Slaman, founder and director of International Security Partners (ISP), a company dedicated to protecting family businesses from risk. Search engines can make hidden information more accessible for the public. Personal information like social security number, birthday, phone number and name can be found by concerted criminals.

"If I have in my possession your social security number I can then access another level of information about your house or your wife. Then I can call you and ask you questions or make remarks that would leave you with the impression I knew everything about you."

Slaman explains that this approach is very common and the purpose is extortion. He outlines a case of his client who had taken a former business associate to court to prevent him starting a competing business. The client's house was visited three times by associates of the defendant. On one occasion his property was severely damaged and the client's wife and children were threatened with baseball bats.

"They found his private home by searching on the internet," Slaman continues. "We had another extortion case with a milk producer. The perpetrator lived in the Southern part of the Netherlands. He used an anonymous proxy server to send emails to our client that made it look like he lived in the US."

ISP searches the internet everyday to try to obtain new information about their clients and to analyse what risk this information could pose for them.

"The biggest problem at the moment is the growth of social communities on the internet," Slaman continues. Social networking communities such as Facebook, MySpace and LinkedIn have become very popular for the younger generation born after 1980. Family business members who travel can stay in touch with other family members using internet communication like Skype, MSN messenger, ICQ, Yahoo-messenger and Google-talk.

Slaman describes an experiment conducted last year by a Dutch IT company where a non-existent online profile of a woman called Yvonne was created on Dutch social networking site Hyves. Yvonne's profile was of a good-looking 25-year-old nurse.

Within eight months she had more than 800 friends, including doctors, policemen, housewives, prosecutors and politicians. Her friends ranged in age from 16–64 and she was able to collect information about private phone numbers, dates of holidays, company information, bank account numbers.

"People are often naïve when they are putting personal information on that kind of community, they are no longer in control of that information," Slaman says.

One of the most alarming case studies Slaman has encountered was that of the 18-year-old daughter of one of his clients. She had joined the well-known social networking site Hyves, the Dutch equivalent of Facebook.

Sometime afterwards at one of her favourite nightclubs, she was approached by some boys who lived in the Netherlands. "They sent her online messages and became aware which nightclubs she went to," Slaman says. "Her father called us and asked us to make a very discreet background information check when he became worried about them."

ISP used photos and names of the boys to run background checks with the intelligence department of the local police force. It was revealed that these boys were involved with a Moroccan drug dealing group operating in the middle of the Netherlands. They had found out via the internet that she was the daughter of a very rich, well-known family business owner who produces food in the Netherlands.

ISP then made contact with them to ensure that they ceased their contact with the client's daughter.

How can family businesses protect themselves against this kind of security threat? "She had an account on Hyves, but she did not use the filters," Slaman explains. "That is one of the most common faults that people make when they are using the social networking sites."

Another risk area is that of downloading information and the use of peer-to-peer (P2P) software. Download programmes such as Limewire, Kazaa and Soulseek can be used to share music files and other digital content. Without precautions, this can grant external users access to your home computer.

"To mitigate risks you can install the software in the proper manner and not give others permission to upload information," Slaman says. He also recommends the use of strong passwords which combine numbers and letters. "Turn your home PC off after using it. Use separate email accounts for the forums you visit. Be extremely careful of P2P programmes."

A wealthy family business's top priorities are privacy and security, so it is crucial that their advisors provide them with secure channels when information is exchanged.

"The route by which more confidential data leaves the office than any other is email." says David Ford, CEO of email security specialist Securecoms Ltd and former managing partner of Tarlo Lyons. "The only true way to be sure is to either stop sending information or encrypt information (whether on USB keys, discs or emails)."

The final area of concern is data security. Kiran Sandford, one of the UK's leading IT lawyers, a partner at law firm Mishcon de Reya explains the risks for a family business: "If they need to keep data secure – for example, they run a website or offer personal services, advice or consultancy advice from the internet or even just sell things – and there is a security breach where the information becomes public knowledge then a family company's reputation stands to be more seriously dented than another organisation who can brush it off more easily."

Laptops being left in the back of cars, hotels or simply being stolen are examples of lapses that can easily affect the family business. Sandford explains how to mitigate the risks.

"It is paramount for family businesses to have proper security policies for their employees. For example, they should educate them about keeping passwords secure. They should educate them on using emails to be careful about whom they email so they don't introduce viruses to the system. There should be a proper written security policy and it shouldn't just be put in a drawer. All the employees should be educated about it."

Sandford points out that most security breaches are inadvertent, so it is important to train all staff thoroughly on IT security issues, including temporary staff or outside consultants who have access to their system. She also recommends having a security education seminar once a year.

"They should make sure that people's security access is taken off when they leave their employment," Sandford says. "They should think about limiting access to really sensitive data really to only those who need to see it. For example, having various levels of access. Making sure that simple things happen, like people looking over someone's shoulder while sensitive data is going into a computer so it can't be seen."

While the opportunities provided by the internet are great, so are threats. It's therefore essential that you and your family are fully prepared.

internet, security, Special report
Click here >>