The WealthTech Podcast Episode Transcript

Host:  Mark Wickersham, Head of Strategic Partnerships at Asseta AI

Guest: Warren Finkel, Managing Director at Omega Systems

00:00:25.470 --> 00:00:40.710

Mark Wickersham: Alright, Warren, welcome to the WealthTech Podcast. I am happy to have you on the show. Today we're going to talk about all things cybersecurity and how family offices can protect themselves and the families they serve.

00:00:40.910 --> 00:00:58.930

Mark Wickersham: Recent Deloitte survey had noted that 57% of North American family offices experience a cyber attack. My guess is that that number is probably actually higher than might be underreported. But only 33% had a dedicated cybersecurity budget, so…

00:00:59.150 --> 00:01:05.049

Mark Wickersham: Still a long ways to go on this really important and evergreen topic.

00:01:05.209 --> 00:01:13.639

Mark Wickersham: Before we get into it, would you mind giving a quick background, introduction yourself, and a background on Omega Systems?

00:01:13.830 --> 00:01:14.500

Warren Finkel: Sure.

00:01:15.100 --> 00:01:28.160

Warren Finkel: Thanks, Mark. I am super excited to be part of your podcast. I am Warren Finkel, Managing Director of Omega Systems. I've been in the IT and cybersecurity space, consulting and solving problems for 25 years.

00:01:28.280 --> 00:01:34.719

Warren Finkel: Omega specializes in financial services with a focus on family offices. We focus on

00:01:34.850 --> 00:01:50.139

Warren Finkel: We offer bespoke services such as 24 by 7 helpdesks to monitoring and managing our clients' networks and mobile devices with a concierge and white-glove approach to client care. We service clients worldwide and serve as a proactive IT and cyber partner so our clients can stay focused

00:01:50.160 --> 00:02:06.470

Warren Finkel: on what matters most, protecting the family, their legacy, and running their business. I can give you a little bit of background of what's happening in the cybersecurity business. You know, we're thinking cybercrime is a business, and that business is booming. And if you think that is the end.

00:02:06.470 --> 00:02:25.750

Warren Finkel: AI is changing the game again with deepfakes, autonomous malware, and soon we are going to see quantum-powered attacks that will crack today's data security in seconds. I want to add that while ransomware victims often pay to get their data back, you cannot buy your way out of ransomware. You can only build your way out with real resistance.

00:02:25.850 --> 00:02:45.769

Warren Finkel: As you mentioned, Mark, some of the largest service providers and banks that work with family offices, such as RSM, JP Morgan, UBS, Northern Trust, and ALTI Teiderman Global agree on the following. 70% of single-family offices view cybersecurity as their top risk and biggest operational risk.

00:02:46.030 --> 00:03:02.029

Warren Finkel: I think the top 3 reasons for outsourcing technology and cybersecurity in the family office is that there's no expertise in-house, no technical resources, and it's more cost-effective to outsource. You mentioned Deloitte,

00:03:02.030 --> 00:03:12.610

Warren Finkel: 33%, it's all over the place. I think those numbers are much higher. I think a lot of family offices have suffered a cyber attack.

00:03:12.610 --> 00:03:26.069

Warren Finkel: And, it appears that most family offices, operate with minimal protection. So, you know, we're here to educate our clients, we're here to educate family offices, and obviously, you know, whatever we can do to help.

00:03:26.960 --> 00:03:38.940

Mark Wickersham: Yeah, I guess the first step is to get educated. Let's talk about the why. Why are family offices such a rich target for cybersecurity criminals?

00:03:38.990 --> 00:03:57.669

Warren Finkel: Yeah, so family offices are a target because they manage a concentrated treasure trove of high-valued assets and extremely sensitive personal information. They often lack the robust cybersecurity defenses of a large corporation. They have a smaller, highly trusted staff, which makes them susceptible to social engineering.

00:03:57.670 --> 00:04:10.389

Warren Finkel: And I think, most of that, they're focused on more of the legacy of the family office rather than protection. They just don't have enough knowledge about what to do to protect their environment.

00:04:11.350 --> 00:04:29.519

Mark Wickersham: It just does seem like one of the areas that's clear, you know, they decide whether they should outsource or insource. This seems like one of the areas where it's an easy decision. It seems like this should be one that's an automatic, that they should be outsourcing, that they should get a person or a firm that, you know, that thinks about this 24-7, right?

00:04:29.520 --> 00:04:30.600

Warren Finkel: Correct, correct.

00:04:32.000 --> 00:04:39.630

Mark Wickersham: What are some of the emerging trends that you're seeing out there? What is new on the landscape in terms of

00:04:39.930 --> 00:04:41.170

Mark Wickersham: Cybercrime.

00:04:42.060 --> 00:05:01.280

Warren Finkel: So we're seeing a shift from broad attacks to highly personalized, sophisticated scams. The most common threats remain phishing and ransomware, but they are now powered by AI. Years ago, you know, phishing would be emails and obviously, whatever they can do to take over your data.

00:05:01.340 --> 00:05:18.080

Warren Finkel: I think with AI, sophisticated attackers are using AI to generate deepfakes, convincing audio and video impersonations of trusted executives or family members to trick staff into making fraudulent wire transfers. I think that's becoming,

00:05:18.080 --> 00:05:26.659

Warren Finkel: major and obvious problem in the community. And there's just no way to stop that unless you're educating your staff, and

00:05:26.660 --> 00:05:38.900

Warren Finkel: Obviously, becoming more aware of what… what deepfakes are, and how to… and how not to… you can prevent deepfakes, but obviously you can… you can learn more about it, and how to… how to not fall victim to a cybercrime.

00:05:39.800 --> 00:05:52.139

Mark Wickersham: Yeah, I mean, social engineering's one of those things where it used to be a little bit easier to pick up, right? That there'd be obvious spelling mistakes, you could tell that the writer wasn't necessarily a native English language, now it's…

00:05:52.520 --> 00:05:58.760

Mark Wickersham: the context is perfect, and it's personalized, it can be really tough. I would tell the Davies.

00:05:59.030 --> 00:06:10.119

Mark Wickersham: actually had a… had a billing problem, a legitimate billing problem with the cable provider. I kept on thinking it was a fake to all time, almost lost access to my cable, so that's the other…

00:06:10.120 --> 00:06:17.180

Warren Finkel: I think what these cyber attackers are doing, just like these scams on mobile devices, they wear you down.

00:06:17.500 --> 00:06:22.170

Warren Finkel: And unfortunately, they have patience, they can continue

00:06:22.290 --> 00:06:38.830

Warren Finkel: doing whatever they're gonna do throughout the day, throughout the weeks, and they're gonna finally hit somebody because they're in a rush to do something, and that's where… that's where people… people not only lose their mind, they lose their ability to reason. And that's where cybercrime comes in.

00:06:39.670 --> 00:06:42.650

Mark Wickersham: Yeah, they're in a rush to try to get something done, they're trying to…

00:06:42.650 --> 00:06:43.240

Warren Finkel: Yep.

00:06:43.240 --> 00:06:49.799

Mark Wickersham: finish something, maybe they're on the road, they… you're on the phone, you can't quite see everything. Right.

00:06:50.320 --> 00:06:55.819

Mark Wickersham: What are some of the biggest mistakes that you see family offices make when it comes to cybersecurity?

00:06:56.110 --> 00:07:12.669

Warren Finkel: I think the single… the single biggest mistake is operating under the mindset of, it won't happen to me. This leads to being reactive then… rather than proactive approach. Other common mistakes, would be relying on outdated security practices.

00:07:12.830 --> 00:07:19.970

Warren Finkel: Not implementing multi-factor authentication, lacking a clear incident response plan,

00:07:20.200 --> 00:07:39.949

Warren Finkel: they also often neglect regular fishing exercises and security updates. So, these are common themes of family offices, where, like we discussed at the beginning of the podcast, they're just not putting in controls. So, all these things, you know, they're going to prevent

00:07:40.120 --> 00:07:56.920

Warren Finkel: cybercrime. They're going to prevent and educate people within the company, hey, if you're going to be doing cyber training, you're going to learn what is out there. So, I think, instead of the mindset, it won't happen to me, you've got to be proactive and say, it will happen, now let's defend it.

00:07:59.290 --> 00:08:09.600

Mark Wickersham: So, when it comes to the weakest link, we've talked a little bit about this social engineering. Where are family offices and the families themselves most vulnerable?

00:08:10.610 --> 00:08:15.889

Warren Finkel: I think, family offices, it's basically the,

00:08:15.920 --> 00:08:32.600

Warren Finkel: I think the key is families have to enforce formal protocols, such as requiring verbal communication, dual authorization process for high-value transactions. It's also crucial, to…

00:08:32.750 --> 00:08:35.460

Warren Finkel: Continue to have social engineering simulations.

00:08:35.530 --> 00:08:43.040

Warren Finkel: phishing exercises, awareness training. We're seeing a lot more family offices today ask for security awareness training.

00:08:43.039 --> 00:08:58.759

Warren Finkel: Just because they want to know, you know, even things like you go to a restaurant, and there's that code that is on the menu. Those are, those are my target items right now, and we tell clients today, never download that at a menu. If you're at a restaurant.

00:08:58.760 --> 00:09:03.979

Warren Finkel: Get a written menu versus downloading that, because that's a great area for malware.

00:09:04.000 --> 00:09:12.940

Warren Finkel: They're gonna get on your phone, and they're gonna start sifting out data or personalized information, and that's another area of concern.

00:09:16.280 --> 00:09:24.510

Mark Wickersham: Yeah, you definitely saw a lot of that. With COVID, with the QR codes, and then they continued to persist today.

00:09:24.730 --> 00:09:41.040

Mark Wickersham: So what are some best practices? Obviously, I think training and regular training is certainly one of them. I don't know if you have a particular training program that you'd recommend, but what are some other best practices that family offices can implement?

00:09:41.040 --> 00:09:53.800

Warren Finkel: I think there's many companies out there, including some of the major accounting firms, and you've had some podcasts with some of our colleagues that do regular IT risk assessments and cyber risk assessments.

00:09:53.850 --> 00:10:04.520

Warren Finkel: I think those are essential. If anybody feels they're at risk, or just wants to make sure they have no gaps in controls, they should get a cybersecurity risk assessment.

00:10:04.520 --> 00:10:14.770

Warren Finkel: That will document, you know, they have to… they also need a response plan, and they also need to implement technical control. So where we come in is

00:10:14.770 --> 00:10:34.559

Warren Finkel: take that risk assessment, understand the gaps and areas of improvement, and start implementing controls, best practices, and whether they have MFA in place, or whether they have single sign-on, or whether they have simple antivirus, which a lot of people are not putting on their systems, or patching their computers.

00:10:34.570 --> 00:10:46.370

Warren Finkel: Common… common themes that we take for granted are being overlooked at some of the family offices. Not because they don't have the time, it's because they're just not educated on what they need.

00:10:48.310 --> 00:10:56.670

Mark Wickersham: I would think that patching and automatic patching would be standard for the course.

00:10:56.670 --> 00:11:05.029

Warren Finkel: It's all about building a robust and resilient security posture. That's got to be the forefront of any business today, especially family offices.

00:11:05.640 --> 00:11:19.250

Mark Wickersham: Obviously, family offices, like a lot of firms, they use a lot of different third-party software, that can… that third-party risk can introduce, vulnerabilities, likewise, picking…

00:11:19.390 --> 00:11:29.190

Mark Wickersham: a particular vendor and evaluating them properly for how secure they are can help protect a family office. When it comes to third-party vendor management.

00:11:29.320 --> 00:11:33.210

Mark Wickersham: How do you recommend that the family offices…

00:11:33.580 --> 00:11:38.620

Mark Wickersham: Extend their evaluation that includes cybersecurity, and what should they do on that front?

00:11:38.960 --> 00:11:55.769

Warren Finkel: Great question, and certainly that's an area of concern. So, we believe third-party vendors are a significant risk. Family offices need to make cybersecurity a key part of their vendor due diligence. When we work with family offices, that's one of our… our functions.

00:11:55.950 --> 00:12:12.620

Warren Finkel: is to look at our… their vendors' controls. What's in place, what's not in place? We ask those critical questions about their security protocols. How do they store data? How do they share data? Are they SOC 2, Type 2 certified?

00:12:12.620 --> 00:12:32.359

Warren Finkel: If any of these questions have any questions… any of these questions have responses that don't make sense, we'll come back to the… we'll come back to our client and say, look, you know, either find a new vendor, or let's figure out where their gaps are, but there's… there is probably a question mark as to whether you want to work with them. Today, you know.

00:12:32.370 --> 00:12:37.680

Warren Finkel: we're asking questions, are they doing regular penetration testing? Because most of these vendors

00:12:37.740 --> 00:12:41.339

Warren Finkel: It's SaaS. They're holding the data in their cloud?

00:12:41.390 --> 00:12:57.579

Warren Finkel: And, you know, even though family offices are signing into third-party applications, they've got to make sure their vendors have the controls in place. So, penetration testing is key. Do they have a data breach plan? Do they have an incident response plan?

00:12:57.580 --> 00:13:16.210

Warren Finkel: And we review these documents for our clients to make sure they hold muster. Certainly, preferably, would be that SOC 2 Type 2, because then they're contractually obligated to deliver these controls. And, you know, we need to make sure that their contracts hold them accountable for any kind of data risk.

00:13:16.500 --> 00:13:20.940

Warren Finkel: So that's the kind of stuff that we're doing for our clients on a weekly basis.

00:13:21.830 --> 00:13:27.719

Mark Wickersham: Talk to me a little bit about SOC 2 Type 2. What does that mean, and what levels are in place with that?

00:13:28.010 --> 00:13:46.320

Warren Finkel: So, Omega Systems, we're SOC 2 Type 2. It means that we go through a rigorous 6 months to 8 months control review to make sure that what we're… what we're doing for our clients, as well as what we do internally, we're… we are safeguarding our information,

00:13:46.410 --> 00:14:03.999

Warren Finkel: our data centers, our data, our… our… anything that we're doing and we're delivering is all contract… is all written-down policies and procedures, and it's following best practices. And for that, you know, SOC 2 and Type 2 is probably the standard out there for most… most service companies.

00:14:04.000 --> 00:14:15.480

Warren Finkel: If these companies who offer services don't have a SOC 2 Type 2, they may be too small, and they shouldn't be involved in servicing family offices. So I think that's a prerequisite for

00:14:15.500 --> 00:14:24.729

Warren Finkel: for working with family offices, any large business, should have a SOC 2, Type 2, especially those that service the family offices.

00:14:26.230 --> 00:14:33.629

Mark Wickersham: It's normally right on their website, too, right? They'll have the AICPA label from that, because they've been certified, they have a right to…

00:14:33.630 --> 00:14:47.770

Warren Finkel: Correct. We are probably sending out our SOC 2 Type 2 several times a week, just because clients want to make sure… you know, the problem, Mark, is that everyone wants to transfer risk, right? So, basically, I've got a SOC 2

00:14:47.800 --> 00:15:05.900

Warren Finkel: We tell our clients, we're SOC 2 Type 2. Any risk that they're taking, we're absorbing. Obviously, they need to have cybersecurity insurance to protect their environment, but they know that we're a trusted advisor and a solution provider because of that SOC 2 Type 2. And, of course, reputation and experience in the market.

00:15:08.590 --> 00:15:15.580

Mark Wickersham: Let's talk about cybersecurity, insurance. It's recommended. What is the common mis…

00:15:15.770 --> 00:15:19.360

Mark Wickersham: Conceptions around that type of insurance? What are some of the pitfalls?

00:15:19.510 --> 00:15:25.809

Mark Wickersham: Regarding, you know, family offices seeking that type of insurance, and what's the best practice in that area?

00:15:25.810 --> 00:15:42.109

Warren Finkel: So, certainly, the misconception years ago, and probably people are more aware today, that general insurance doesn't cover, general liability insurance does not cover cybersecurity. You've got to have a specific cybersecurity policy in place.

00:15:42.110 --> 00:15:51.079

Warren Finkel: that outlines what happens if a breach occurs. Obviously, you may have to bring in forensics, you may have to bring in,

86

00:15:51.090 --> 00:16:02.080

Warren Finkel: public relations firms. You've got to make sure that cybersecurity covers the costs involved with, with, breach, breach, breach repair.

87

00:16:02.080 --> 00:16:21.890

Warren Finkel: data exfiltration, certainly working with public entities or law enforcement, these are all things that are covered under a cybersecurity policy. So there are specific companies that offer cybersecurity insurance, and obviously, you know, you need to have a good amount of coverage, because some of these cybercriminals

88

00:16:21.910 --> 00:16:29.469

Warren Finkel: Are going after a lot of data, and high-value data, and you've got to make sure your policy is protected for everything inclusive.

89

00:16:30.840 --> 00:16:42.580

Warren Finkel: You know, incident response, to me, is a major issue. Once a breach occurs, incident response, which could include forensics and data recovery, becomes a very costly event. So…

90

00:16:43.030 --> 00:16:51.239

Warren Finkel: You know, 20-20 hindsight, you probably should be putting in those controls prior to make sure that those kind of things don't happen.

91

00:16:52.660 --> 00:16:56.859

Warren Finkel: Honestly prior, they should have a response plan, right, in case, correct.

92

00:16:56.960 --> 00:17:02.280

Warren Finkel: Correct. The worst case does happen. What would be some of the key elements that they should have in their response plan?

93

00:17:02.680 --> 00:17:16.410

Warren Finkel: A good incident response plan… I mean, look, tabletop exercises would be part of that same scenario. A good tabletop exercise is a, is where key personnel get together.

94

00:17:16.410 --> 00:17:23.620

Warren Finkel: In a low-stress environment to discuss, their roles and responsibilities during some sort of an emergency or crisis.

95

00:17:23.619 --> 00:17:26.849

Warren Finkel: Obviously, when crisis occurs.

96

00:17:26.940 --> 00:17:36.449

Warren Finkel: Things get all… get out of hand. Tabletop Exercises tells you, hey, Mark, you're gonna be doing this, Warren, you're gonna be doing that, Pete, you're gonna be doing this.

97

00:17:36.450 --> 00:17:51.289

Warren Finkel: So everything under that plan is attacked and accounted for. Obviously, you know, it's also to measure your readiness, that in the event something happens, you know how to take the next steps, versus just shutting down and saying, okay, what do I do?

98

00:17:51.590 --> 00:17:53.890

Mark Wickersham: Losing that geeky time, right?

99

00:17:53.890 --> 00:18:03.219

Warren Finkel: Right, so the key is the incident response plan and testing it, making sure it's resilient, and obviously tabletop exercises is key.

100

00:18:04.480 --> 00:18:09.740

Mark Wickersham: So, with family offices being compromised, what should they avoid?

101

00:18:11.030 --> 00:18:18.870

Warren Finkel: It's hard to say, you know, you have to run your business, right? Certainly,

102

00:18:19.150 --> 00:18:22.680

Warren Finkel: You, you need to avoid… obviously.

103

00:18:23.120 --> 00:18:36.749

Warren Finkel: being at a hotel, or taking on public Wi-Fi. We, you know, we do a lot of security awareness training, and people tell us, what should we not do? So, going into public Wi-Fi, whether it's a Starbucks, whether it's a library, whether it's the airport.

104

00:18:36.860 --> 00:18:52.659

Warren Finkel: plugging in your cell phones into these USB data ports, which is another area for malware. Certainly, you know, these, these, QR codes, which we mentioned earlier, is another area of concern. Social networks.

105

00:18:52.780 --> 00:19:03.649

Warren Finkel: providing people where you're going to be is another area of concern for family offices. You know, years ago, people were more secretive, more private.

106

00:19:03.650 --> 00:19:19.279

Warren Finkel: Today, with social media, people are out there broadcasting what their next move is, where they're going on vacation, pictures of this, pictures of that. You know, behind your picture, you'll see a certain area, maybe a beach somewhere. That's an area where people are going to target.

107

00:19:19.350 --> 00:19:28.639

Warren Finkel: Whether it's a home invasion, ransomware, you know, personal ransomware, human ransomware, data ransomware, anything could happen to a business.

108

00:19:29.480 --> 00:19:35.640

Mark Wickersham: Yeah, and it's not just the, the family office or the family, right? It could be the employed staff, the nanny could be taking a picture, and…

109

00:19:35.640 --> 00:19:36.070

Warren Finkel: Yep.

110

00:19:36.070 --> 00:19:44.969

Mark Wickersham: Next thing you know, there's Picasso in the background, and now, you know, there's more information than that family, I'm sure, would want to have out in public.

111

00:19:45.270 --> 00:19:56.130

Mark Wickersham: Do you have a… do you have a particular horror story? Without sharing names, do you have a particular horror story that you can share with me about a family office that went sideways?

112

00:19:56.130 --> 00:19:58.790

Warren Finkel: Yeah, I think, you know.

113

00:19:59.150 --> 00:20:10.800

Warren Finkel: I think the problem is business email compromise, and where people are wire transferring millions of dollars to, to… you know, we had a situation where,

114

00:20:10.920 --> 00:20:23.239

Warren Finkel: Patriarch came back from a trip, said, look, I need to wire transfer X number of dollars to buy several paintings. Obviously, it wasn't over voice, it was over email.

115

00:20:23.350 --> 00:20:43.130

Warren Finkel: The assistant, thinking it was that important, didn't even verify and validate that… that email. Just basically wire transferred the money, and you know, they weren't a client yet, but they were… were… they became a client a few months later, when the accounting firm that's working with them realized they had lacks of controls.

116

00:20:43.140 --> 00:20:59.580

Warren Finkel: So, it's the rush, of doing things that are going to appease the patriarch and matriarch of the family, and not taking proper controls or proper precautions to make sure it's protected. So, in that case, they realized they made a mistake, and

117

00:20:59.580 --> 00:21:08.190

Warren Finkel: Unfortunately, when you do a wire transfer, unless you… you can stop that wire transfer from the person sending it, that money is gone.

118

00:21:08.560 --> 00:21:12.339

Warren Finkel: Typically, we see a lot of that business email compromise.

119

00:21:12.410 --> 00:21:24.829

Warren Finkel: It's just because with today's cybercriminals, they're becoming so perfect with their emails and their deepfakes and their phishing and voice phishing, it becomes,

120

00:21:24.860 --> 00:21:33.710

Warren Finkel: unimaginable what… what they're… what… what… what should look like correct and what shouldn't be correct. Best thing is to verify and validate over a phone call.

121

00:21:34.590 --> 00:21:48.130

Mark Wickersham: I mean, the problem is that they… you probably have been infiltrated for a while now, and they've been listening, and they've been watching, and they wait for that… that timing. They know that the patriarch was on vacation, and that it's very common for them to maybe purchase.

122

00:21:48.160 --> 00:22:05.779

Mark Wickersham: you know, artwork, or even properties, and for these type of transactions to then be requested. And it's just a matter of timing, that they're opportunistic, they've been listening for a long time, and then they swoop in, right?

123

00:22:06.480 --> 00:22:08.269

Mark Wickersham: So everything seems logical, right?

124

00:22:08.270 --> 00:22:22.339

Warren Finkel: Yep, I think another area of concern is AI. You know, if people don't realize that this large language model, a lot of these family offices have their own investment teams. Their investment teams are doing research over AI,

125

00:22:22.340 --> 00:22:37.809

Warren Finkel: And, unfortunately, they're not being careful of what they're putting on this large language model. Critical or proprietary information is being… is going out into the large language model, becoming another target for these family offices.

126

00:22:37.810 --> 00:22:50.119

Warren Finkel: So, we instruct and advise our clients that if they want to put in any kind of AI for research, we need to put in the proper guardrails, just to make sure that data is not leaving

127

00:22:50.460 --> 00:23:04.129

Warren Finkel: the large language model, so to speak, and it's contained in the company. And obviously, they've got to… you know, everybody plays a part in the family office. It's just not one person, it's the entire company. The entire company has got to play that part.

128

00:23:05.730 --> 00:23:16.659

Mark Wickersham: With AI, how… what… what is on… what's working in our favor for the good guys with AI? How is AI helping to protect families and family offices?

129

00:23:16.660 --> 00:23:32.030

Warren Finkel: So, another great question. I think AI, unfortunately, is a double-edged sword. On one hand, cybercriminals are using it to create more effective social engineering attacks, automate reconnaissance, scale their malicious activities.

130

00:23:32.100 --> 00:23:50.509

Warren Finkel: On the other hand, family offices can leverage AI, and companies like us who use AI for power defense tools. Examples are, we analyze email traffic, we analyze network activity. The time it takes for our AI tools to analyze email, analyze traffic could be milliseconds.

131

00:23:50.520 --> 00:24:05.520

Warren Finkel: Where years ago, it was 10 seconds, 15 seconds. So we're using AI as a defense, they're using it as an offense, and there's gotta be some balance, but it's a 24x7 365 effort.

132

00:24:05.520 --> 00:24:18.909

Warren Finkel: to thwart any kind of attacker, but obviously, you know, the more tools we get, the more tools they get. We're constantly monitoring our clients' networks 24-7 for any type of sophisticated threats.

133

00:24:18.910 --> 00:24:27.559

Warren Finkel: any anomalies we see, we're stopping. I think the, the key is right now, zero trust.

134

00:24:27.560 --> 00:24:40.290

Warren Finkel: is another item out there. We don't have, you know, if we deny by default on anything out there, a new employee comes in 10 years ago, you would say, okay, let's give Jim the same credentials as Joe.

135

00:24:40.340 --> 00:24:52.310

Warren Finkel: Today, you deny everything by default, and start creating new policies for every employee, or new procedures for every employee. So, you've got to be careful with AI because of the speed of what these guys can do.

136

00:24:54.210 --> 00:25:02.240

Mark Wickersham: So, wrapping this all up, give me… give me two areas that family offices should be on the outlook for, and give me, like, two… two recommendations.

137

00:25:02.860 --> 00:25:20.360

Warren Finkel: So, again, the mindset is, it's not if, it's when. And I believe the key is starting with a comprehensive risk assessment to understand, the unique vulnerabilities of that family office. I think, MFA and,

138

00:25:20.650 --> 00:25:21.730

Warren Finkel: patching.

139

00:25:21.730 --> 00:25:42.970

Warren Finkel: a well-defined incident response plan. Some of these things are critical, and again, we take it for granted, but if you have the solid foundation of putting in a cyber… of getting a cyber risk assessment, putting in the MFA, and looking at where you're vulnerable, and buttoning up those holes, that would be a great start to… to… to keeping your family intact.

140

00:25:45.220 --> 00:26:00.410

Mark Wickersham: And I'm just gonna say, get professional help. This is something that needs to be outsourced. It's not something that, unless you have somebody that's a dedicated resource that's doing this 24 by 7, you know, if it's somebody's part-time job, it's not enough, right? So…

141

00:26:00.680 --> 00:26:07.219

Warren Finkel: Yeah, certainly, like you said, it's a job that we take seriously. We're 24-7,

142

00:26:07.220 --> 00:26:23.190

Warren Finkel: We've got a separate SOC team in place to make sure we're protecting our clients on every vulnerable issue, whether it's data, whether it's email, whether they're systems, whether they're mobile devices. Obviously, everything has got to be locked down, and nothing should be taken for granted.

143

00:26:24.830 --> 00:26:35.590

Mark Wickersham: All right, well, I think that's a good, good words of advice. Warren, I'd love to end these podcasts more on a personal note with 3 questions that have nothing to do with wealth tech.

144

00:26:35.780 --> 00:26:41.630

Mark Wickersham: You are a founding member of the Outlier Project. What is it, and why did you get involved with this?

145

00:26:42.200 --> 00:26:55.649

Warren Finkel: So I got involved, Mark, with the Outlier Project during COVID. It seemed to be a lot of curious minds are involved with, with the Outlier Project. It's, like-minded people, who

146

00:26:55.780 --> 00:27:03.420

Warren Finkel: want to go the extra step. It's more of a social network, but it's… it's to help people create

147

00:27:03.750 --> 00:27:05.579

Warren Finkel: Better… better mindset.

148

00:27:05.600 --> 00:27:22.650

Warren Finkel: focused and driven people who can get together on a weekly, monthly basis and talk about whatever their problems are. But solving problems and figuring out what to do and what not to do. But it's become a great source of companionship for people.

149

00:27:22.650 --> 00:27:28.679

Warren Finkel: Obviously, they bring in speakers every month and discuss new ways of getting ahead.

150

00:27:29.320 --> 00:27:31.710

Mark Wickersham: Why is it called the Outlier Project?

151

00:27:31.710 --> 00:27:35.810

Warren Finkel: Good question. I should ask the founder.

152

00:27:36.490 --> 00:27:48.939

Warren Finkel: That's a great question. But, you know, during COVID, as you know, so many different things popped up. You have to pick and choose what type of groups to join, and that seemed very interesting at the time.

153

00:27:49.530 --> 00:27:54.810

Mark Wickersham: I love that. When you're not fighting cybercrime, what do you do for fun?

154

00:27:55.550 --> 00:28:11.109

Warren Finkel: You know, before Omega, I founded and operated two similar companies. Omega, we were private… we were… one of my… my last MSP, we were, purchased by Private Equity, and we merged with Omega, but,

155

00:28:11.110 --> 00:28:24.170

Warren Finkel: I spent 18 hours a day working. Since 2022, when we were purchased by private equity, I found a lot more time to spend with my family, and it became a different, different focus of life.

156

00:28:24.310 --> 00:28:37.529

Warren Finkel: Traveling, being able to visit different cities, and looking at the world differently, as I did before. Work was everything on my mind. Today, it's more family, more travel, more having fun.

157

00:28:37.600 --> 00:28:55.770

Warren Finkel: So, you know, travel is key. I think anywhere you can see water and relax is definitely key. Obviously, during the wintertime, I like to love to ski, but summertime is more for relaxation, you know, taking up some good hobbies.

158

00:28:55.820 --> 00:29:01.889

Warren Finkel: Smoking some great cigars, and having some scotch with some friends. So, you know.

159

00:29:01.890 --> 00:29:02.320

Mark Wickersham: Produce.

160

00:29:02.320 --> 00:29:05.090

Warren Finkel: Those things changed my life in the last 5 years.

161

00:29:05.770 --> 00:29:15.709

Mark Wickersham: I love it. You're based in the New York City area. I love New York City. What do you love about the city? What's your favorite spot that people might not know about?

162

00:29:16.100 --> 00:29:29.699

Warren Finkel: So, obviously, everyone who's not visited New York always say, you know, like you said, what's so intriguing about New York City? A, it's fast-paced business culture, it's the mecca of the world. We believe it's still the mecca.

163

00:29:29.700 --> 00:29:37.790

Warren Finkel: It's a city that never sleeps. It's 24x7 energy. You've got a melting pot of different cultures.

164

00:29:37.790 --> 00:29:45.779

Warren Finkel: I was reading somewhere a few weeks back that there's probably 800 languages spoken in New York. So,

165

00:29:45.870 --> 00:29:59.530

Warren Finkel: it's… it's endless amount of activity, whether it's museums, whether it's parks, whether it's restaurants, you can find any type of restaurant, any type of food. You know, I love… I love being in New York, because obviously.

166

00:29:59.530 --> 00:30:11.749

Warren Finkel: with most of our clients who are in New York, they've got between 38th and 57th Street, between 3rd and 8th Avenue. We probably have over 100 clients that we can visit, and

167

00:30:11.750 --> 00:30:25.620

Warren Finkel: you know, you go to California, you can see one client a day. In New York, you can see three or four, and, you know, anybody who visits New York, you can have a morning breakfast meeting, and another meeting before lunch, and two meetings after lunch. So, and still get home for dinner.

168

00:30:27.060 --> 00:30:27.979

Mark Wickersham: I've had to…

169

00:30:28.120 --> 00:30:42.360

Mark Wickersham: I had a chance… so New York, like you said, you can get four meetings in a day. I had a chance to work for an LA-based company for a while, and my first trip of trying to line up visits and stuff like that, yeah, it's like two…

170

00:30:42.520 --> 00:30:43.720

Warren Finkel: Yeah, too, exactly.

171

00:30:43.720 --> 00:30:49.389

Mark Wickersham: 1 in the morning, one in the afternoon, and you're gonna be in the car all day, you know, so… Yep.

172

00:30:49.390 --> 00:31:08.159

Mark Wickersham: on the good old 405, so it is… the city does have an energy that is tough to beat. I think the diversity of it just adds to that richness, that culture of the city, and you could eat away from that city and not repeat a restaurant for the rest of your life, pretty much.

173

00:31:08.160 --> 00:31:14.250

Warren Finkel: Yep, you know, you can have a great piece of pizza, a great bagel, and certainly a great steak in the same block.

174

00:31:14.600 --> 00:31:29.710

Warren Finkel: And probably not leave a block for an entire week, just because the diverse restaurants. You mentioned, in your question about, possibly an area that I love to see, it's, I don't know if you've ever been to the High Line.

175

00:31:30.500 --> 00:31:30.970

Mark Wickersham: Yeah.

176

00:31:30.970 --> 00:31:35.480

Warren Finkel: Yeah, people just don't know about what that looks like and what it is.

177

00:31:35.550 --> 00:31:38.519

Warren Finkel: You know, it's probably about a mile and a half long.

178

00:31:38.520 --> 00:32:00.530

Warren Finkel: of an elevated linear park built on a former freight line in the city. Most people don't even know that trees exist in the city. Obviously, it's Central Park, but this is in the heart of, this is in probably, I would say the meatpacking district at Chelsea Avenue, the Chelsea area, where it's an elevated park, and, it's really beautiful, so,

179

00:32:00.530 --> 00:32:05.079

Warren Finkel: The city's got some interesting areas, and a lot of people never heard of the High Line.

180

00:32:05.660 --> 00:32:20.630

Mark Wickersham: Yeah, it ends at Hudson Yard, or begins at Hudson Yard, because I'm Chelsea, it's a… it's a great take. I think that's a great, place to go, and it's a really nice walk. Nice park experience. Best pizza in New York?

181

00:32:21.600 --> 00:32:41.000

Warren Finkel: They always say Ray's, but you know, I think down in… down in… look, Little Italy is known for Italian food. I don't necessarily believe it's the best pizza, but, you know, I think there's a Ray's almost every other block.

182

00:32:41.350 --> 00:32:43.380

Warren Finkel: Pizza's fantastic in New York City.

183

00:32:43.380 --> 00:32:46.050

Mark Wickersham: Oh, that's great. I'm gonna throw it out there for Joe's, Joe's Pizza.

184

00:32:46.050 --> 00:32:47.420

Warren Finkel: Yep. Yep.

185

00:32:47.420 --> 00:32:53.599

Mark Wickersham: So… Alright, Warren, this has been great. Thanks so much for coming on the WealthTech Podcast.

186

00:32:53.900 --> 00:32:55.949

Warren Finkel: Thank you so much, Mark. Appreciate the time.