Private Air New York Magazine
Issue link: https://privateair.uberflip.com/i/1500789
www.privateairny.com Private Air | Summer 2023 70 Re-imagining online wealth management security Altoo features highly encrypted communication and storage tools, a very fine granular and sophisticated authorization mechanism, intrusion detection, and advanced security vulnerability testing, to name just a few of its many security features. "Our platform is operated in a professional Tier3 data center in Switzerland with all the strict measures that protect physical access to our hardware," iel explains. "Additionally, our platform is produced and resides only in Switzerland, and we hire only people based in Switzerland, ensuring a higher level of cyberattack protection." "We monitor thousands of emails daily and have a lot of phishing emails, of which our email filter catches 98%," says iel. "A few sophisticated emails that can bypass our systems are often announced to ITOps [IT Operations] by employees or seen by ITOps. ese then help us improve our email filter rules continuously. We also have brute force URL scanning (attacks) on our platforms (https/443). e source IPs of such URL scans are banned after only a few improper requests to block extensive scans or misusage." Ransom protection is a vital part of protecting a system from cyber attacks. "Ransom is usually also about stealing data and threatening to publish confidential data," explains iel. "at is why we only store sensitive data in an encrypted manner. Segmentation adds further hurdles for any ransom to spread. We have multiple network segments protected by inner and outer firewalls. Concepts such as "jump hosts" (hardened virtual desktops without access to the internet) protect access to sensitive infrastructure and data. Our different operating systems in different segments add further hurdles for any ransom malware to spread. We also have different communication services in different, separated locations to ensure communication with authorities and clients in case of a [partially] successful attack." Protecting yourself online iel recommends that all online users follow a general checklist to protect themselves from cybersecurity attacks. ese include: • Having endpoint device security installed • Not installing unnecessary applications, especially ones that are for fun • Exercise caution around freeware – one must understand the motivation/ how somebody earns his money; often, freeware is free because the user, his data or behavior, is the product they make money with. • Stay updated – most serious products will update themselves regularly. • Don't fall for any promises – most promises are so primitive; for example, you won't win a lottery if you do not participate. You won't inherit from unknown people. e sad thing is that people are still fooled by these phishing emails. • Finally, keep offline backups of important data. iel also recommends that those at the forefront of preventing cybersecurity stay updated with the latest threats by attending leading industry events. However, he cautions that they should be attended only by those who fully understand the industry. "Security is a major money- making business working with the fears of people that do not understand cybersecurity," iel explains. "Everything labeled security implicitly has a much higher price. Such conferences provide a very good product and service overview if you know and understand the threats in your situation and your protection needs. One of the key things that security providers do not tell you is that adding products and services to your dispositive is adding attack points (threat vectors), which you must consider. A good example of this was the 2020 cyberattack on SolarWinds when more than 18,000 customers installed malicious updates." WEALTH MANAGEMENT