Cybersecurity

How to stop cybercriminals at your digital doorstep

Today, few organizations are immune to cyberattacks. Family offices and small businesses are no exception.

Increasingly, small organizations are being targeted with the same phishing, malware and ransomware attacks that each year cost bigger businesses trillions of dollars in losses.1 It’s therefore essential for them to develop robust cybersecurity controls and have a well-thought-out recovery plan in place—hopefully before a cyber breach occurs.

A cautionary tale

Cybersecurity for a family office client that was managing investments, real estate properties and day-to-day finances for several generations of one family primarily depended on weekly backups of data and systems—plus incremental backups every night. The office team believed this two-pronged strategy would allow them to recover data from many different points in time if a problem ever arose.

Unfortunately, a ransomware attack quickly revealed the flaws in this approach: All of the office’s day-to-day systems as well as its backups were stored on the same network.

Hackers were able to gain control of all of the office’s systems and information, and demanded a ransom of $500,000. Initially, the family declined to pay the ransom, hoping to find a workaround. But after a 10-day shutdown of the office, they paid the ransom to restore their systems.

Steps to take now

In the event of a cyberattack, preparation is key. Ensure you develop, test and execute resiliency plans. To help you get started, refer to the below best practices:

Manage people and processes

  • Put an employee training program in place—Many cyberattacks start with phishing or malware. Teach your employees how to identify and report suspicious emails or other online activities. Periodically test their knowledge and skills.
  • Limit employees’ internet access from company-owned devices—Reducing the number of sites employees can visit can reduce the likelihood of malware being introduced into your operations.
  • Add an advanced spam-filtering service to your operations—A spam filter can help you identify and block phishing emails, and reduce the likelihood of someone on your staff responding to a spoofed email domain. Even better: Opt for a spam filter that includes these features:
    • URL rewriting—Analyzes links sent in emails and blocks users from accessing potentially malicious websites.
    • Attachment sandboxing—Automatically opens and scans files attached to incoming emails to detect if malware or viruses are hidden in them.
    • Email impersonation detection—Helps identify if a sender is attempting to impersonate a colleague’s or business partner’s email account.
  • Install system patches and software updates as soon as they become available—Prioritize patching efforts according to:
    • The types of data contained in a given system.
    • Their degree of importance to your overall operations.
    • The likelihood of the patches themselves disrupting business operations.

Have a backup plan

  • Create multiple data backups—To restore systems in the wake of a cyberattack, consider storing copies on cloud services or completely offline.
  • Conduct a business impact analysis—Assess the potential consequences of a cyberattack on your operations as well as on your recovery strategy. For example:
    • Could your business operate offline if no online systems are available?
    • How would you make crucial payments?
    • Which systems would need to be recovered first?
    • Who inside the organization would make critical decisions?
    • What outside parties (partners, regulators, press, customers/clients) would need to be notified if a cyberbreach occurred?

Don’t go at it alone

  • Develop a relationship with a cyber-resiliency partner before an incident occurs—A partnership with a digital forensics and incident response firm, for example, can help you mitigate the impact of an attack and reduce the amount of time it takes to recover.
  • Supplement your recovery plans with a cybersecurity insurance policy—This can help defray a portion of the losses you may incur.
  • Test the strength of your system security—Have an IT and security provider assess the strength of your cyber protections, and implement more robust controls and technologies, if needed.

Document and practice

  • Create a playbook—Take the time to map a clear path to recovering from a cyberattack.
  • Conduct regular reviews—Practice and update your resiliency plans on a regular basis to ensure they will be executed successfully in the event of an incident.

We can help

J.P. Morgan is committed to providing safe, resilient services to our clients and partners within an ever-evolving threat landscape. To learn more about protecting your business and yourself from cybercriminals, please contact your J.P. Morgan team.

1Cybercrime to Cost the World $10.5 Trillion Annually by 2025.
Follow these steps to reduce risks for small businesses and family offices.

EXPERIENCE THE FULL POSSIBILITY OF YOUR WEALTH

We can help you navigate a complex financial landscape. Reach out today to learn how.

Contact us
Important Information

This article is provided for educational and informational purposes only and is not intended, nor should it be relied upon, to address every aspect of the subject discussed herein. The information provided in this article is intended to help clients protect themselves from cyber fraud. It does not provide a comprehensive listing of all types of cyber fraud activities and it does not identify all types of cybersecurity best practices. You, your company or organization is responsible for determining how to best protect itself against cyber fraud activities and for selecting the cybersecurity best practices that are most appropriate to your needs. Any reproduction, retransmission, dissemination or other unauthorized use of this article or the information contained herein by any person or entity is strictly prohibited.

Key Risks

This material is for informational purposes only, and may inform you of certain products and services offered by private banking businesses, part of JPMorgan Chase & Co. (“JPM”). Products and services described, as well as associated fees, charges and interest rates, are subject to change in accordance with the applicable account agreements and may differ among geographic locations. Not all products and services are offered at all locations. If you are a person with a disability and need additional support accessing this material, please contact your J.P. Morgan team or email us at accessibility.support@jpmorgan.com for assistance. Please read all Important Information.

General Risks & Considerations

Any views, strategies or products discussed in this material may not be appropriate for all individuals and are subject to risks. Investors may get back less than they invested, and past performance is not a reliable indicator of future results. Asset allocation/diversification does not guarantee a profit or protect against loss. Nothing in this material should be relied upon in isolation for the purpose of making an investment decision. You are urged to consider carefully whether the services, products, asset classes (e.g., equities, fixed income, alternative investments, commodities, etc.) or strategies discussed are suitable to your needs. You must also consider the objectives, risks, charges, and expenses associated with an investment service, product or strategy prior to making an investment decision. For this and more complete information, including discussion of your goals/situation, contact your J.P. Morgan team.

Non-Reliance

Certain information contained in this material is believed to be reliable; however, JPM does not represent or warrant its accuracy, reliability or completeness, or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or any part of this material. No representation or warranty should be made with regard to any computations, graphs, tables, diagrams or commentary in this material, which are provided for illustration/ reference purposes only. The views, opinions, estimates and strategies expressed in this material constitute our judgment based on current market conditions and are subject to change without notice. JPM assumes no duty to update any information in this material in the event that such information changes. Views, opinions, estimates and strategies expressed herein may differ from those expressed by other areas of JPM, views expressed for other purposes or in other contexts, and this material should not be regarded as a research report. Any projected results and risks are based solely on hypothetical examples cited, and actual results and risks will vary depending on specific circumstances. Forward-looking statements should not be considered as guarantees or predictions of future events.

Nothing in this document shall be construed as giving rise to any duty of care owed to, or advisory relationship with, you or any third party. Nothing in this document shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by J.P. Morgan and/or its officers or employees, irrespective of whether or not such communication was given at your request. J.P. Morgan and its affiliates and employees do not provide tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any financial transactions.

IMPORTANT INFORMATION ABOUT YOUR INVESTMENTS AND POTENTIAL CONFLICTS OF INTEREST

Conflicts of interest will arise whenever JPMorgan Chase Bank, N.A. or any of its affiliates (together, “J.P. Morgan”) have an actual or perceived economic or other incentive in its management of our clients’ portfolios to act in a way that benefits J.P. Morgan. Conflicts will result, for example (to the extent the following activities are permitted in your account): (1) when J.P. Morgan invests in an investment product, such as a mutual fund, structured product, separately managed account or hedge fund issued or managed by JPMorgan Chase Bank, N.A. or an affiliate, such as J.P. Morgan Investment Management Inc.; (2) when a J.P. Morgan entity obtains services, including trade execution and trade clearing, from an affiliate; (3) when J.P. Morgan receives payment as a result of purchasing an investment product for a client’s account; or (4) when J.P. Morgan receives payment for providing services (including shareholder servicing, recordkeeping or custody) with respect to investment products purchased for a client’s portfolio. Other conflicts will result because of relationships that J.P. Morgan has with other clients or when J.P. Morgan acts for its own account.

Investment strategies are selected from both J.P. Morgan and third-party asset managers and are subject to a review process by our manager research teams. From this pool of strategies, our portfolio construction teams select those strategies we believe fit our asset allocation goals and forward-looking views in order to meet the portfolio’s investment objective.

As a general matter, we prefer J.P. Morgan managed strategies. We expect the proportion of J.P. Morgan managed strategies will be high (in fact, up to 100 percent) in strategies such as, for example, cash and high-quality fixed income, subject to applicable law and any account-specific considerations.

While our internally managed strategies generally align well with our forward-looking views, and we are familiar with the investment processes as well as the risk and compliance philosophy of the firm, it is important to note that J.P. Morgan receives more overall fees when internally managed strategies are included. We offer the option of choosing to exclude J.P. Morgan managed strategies (other than cash and liquidity products) in certain portfolios.

The Six Circles Funds are U.S.-registered mutual funds managed by J.P. Morgan and sub-advised by third parties. Although considered internally managed strategies, JPMC does not retain a fee for fund management or other fund services.

Legal Entity, Brand & Regulatory Information

In the United States, bank deposit accounts and related services, such as checking, savings and bank lending, are offered by JPMorgan Chase Bank, N.A. Member FDIC.

JPMorgan Chase Bank, N.A. and its affiliates (collectively “JPMCB”) offer investment products, which may include bank-managed investment accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC (“JPMS”), a member of FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. JPMCB, JPMS and CIA are affiliated companies under the common control of JPM. Products not available in all states.

In Germany, this material is issued by J.P. Morgan SE, with its registered office at Taunustor 1 (TaunusTurm), 60310 Frankfurt am Main, Germany, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB). In Luxembourg, this material is issued by J.P. Morgan SE—Luxembourg Branch, with registered office at European Bank and Business Centre, 6 route de Treves, L-2633, Senningerberg, Luxembourg, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Luxembourg Branch is also supervised by the Commission de Surveillance du Secteur Financier (CSSF); registered under R.C.S Luxembourg B255938. In the United Kingdom, this material is issued by J.P. Morgan SE—London Branch, registered office at 25 Bank Street, Canary Wharf, London E14 5JP, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—London Branch is also supervised by the Financial Conduct Authority and Prudential Regulation Authority. In Spain, this material is distributed by J.P. Morgan SE, Sucursal en España, with registered office at Paseo de la Castellana, 31, 28046 Madrid, Spain, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE, Sucursal en España is also supervised by the Spanish Securities Market Commission (CNMV); registered with Bank of Spain as a branch of J.P. Morgan SE under code 1567. In Italy, this material is distributed by J.P. Morgan SE—Milan Branch, with its registered office at Via Cordusio, n.3, Milan 20123, Italy, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Milan Branch is also supervised by Bank of Italy and the Commissione Nazionale per le Società e la Borsa (CONSOB); registered with Bank of Italy as a branch of J.P. Morgan SE under code 8076; Milan Chamber of Commerce Registered Number: REA MI 2536325. In the Netherlands, this material is distributed by J.P. Morgan SE—Amsterdam Branch, with registered office at World Trade Centre, Tower B, Strawinskylaan 1135, 1077 XX, Amsterdam, The Netherlands, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Amsterdam Branch is also supervised by De Nederlandsche Bank (DNB) and the Autoriteit Financiële Markten (AFM) in the Netherlands. Registered with the Kamer van Koophandel as a branch of J.P. Morgan SE under registration number 72610220. In Denmark, this material is distributed by J.P. Morgan SE—Copenhagen Branch, filial af J.P. Morgan SE, Tyskland, with registered office at Kalvebod Brygge 39-41, 1560 København V, Denmark, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Copenhagen Branch, filial af J.P. Morgan SE, Tyskland is also supervised by Finanstilsynet (Danish FSA) and is registered with Finanstilsynet as a branch of J.P. Morgan SE under code 29010. In Sweden, this material is distributed by J.P. Morgan SE—Stockholm Bankfilial, with registered office at Hamngatan 15, Stockholm, 11147, Sweden, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Stockholm Bankfilial is also supervised by Finansinspektionen (Swedish FSA); registered with Finansinspektionen as a branch of J.P. Morgan SE. In Belgium, this material is distributed by J.P. Morgan SE—Brussels Branch with registered office at 35 Boulevard du Régent, 1000, Brussels, Belgium, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE Brussels Branch is also supervised by the National Bank of Belgium (NBB) and the Financial Services and Markets Authority (FSMA) in Belgium; registered with the NBB under registration number 0715.622.844. In Greece, this material is distributed by J.P. Morgan SE—Athens Branch, with its registered office at 3 Haritos Street, Athens, 10675, Greece, authorized by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB); J.P. Morgan SE—Athens Branch is also supervised by Bank of Greece; registered with Bank of Greece as a branch of J.P. Morgan SE under code 124; Athens Chamber of Commerce Registered Number 158683760001; VAT Number 99676577. In France, this material is distributed by J.P. Morgan SE – Paris Branch, with its registered office at 14, Place Vendôme 75001 Paris, France, authorized by the Bundesanstaltfür Finanzdienstleistungsaufsicht (BaFin) and jointly supervised by the BaFin, the German Central Bank (Deutsche Bundesbank) and the European Central Bank (ECB) under code 842 422 972; J.P. Morgan SE – Paris Branch is also supervised by the French banking authorities the Autorité de Contrôle Prudentiel et de Résolution (ACPR) and the Autorité des Marchés Financiers (AMF). In Switzerland, this material is distributed by J.P. Morgan (Suisse) SA, with registered address at rue du Rhône, 35, 1204, Geneva, Switzerland, which is authorized and supervised by the Swiss Financial Market Supervisory Authority (FINMA) as a bank and a securities dealer in Switzerland.

This communication is an advertisement for the purposes of the Markets in Financial Instruments Directive (MIFID II) and the Swiss Financial Services Act (FINSA). Investors should not subscribe for or purchase any financial instruments referred to in this advertisement except on the basis of information contained in any applicable legal documentation, which is or shall be made available in the relevant jurisdictions (as required).

In Hong Kong, this material is distributed by JPMCB, Hong Kong branch. JPMCB, Hong Kong branch is regulated by the Hong Kong Monetary Authority and the Securities and Futures Commission of Hong Kong. In Hong Kong, we will cease to use your personal data for our marketing purposes without charge if you so request. In Singapore, this material is distributed by JPMCB, Singapore branch. JPMCB, Singapore branch is regulated by the Monetary Authority of Singapore. Dealing and advisory services and discretionary investment management services are provided to you by JPMCB, Hong Kong/Singapore branch (as notified to you). Banking and custody services are provided to you by JPMCB Singapore Branch. The contents of this document have not been reviewed by any regulatory authority in Hong Kong, Singapore or any other jurisdictions. You are advised to exercise caution in relation to this document. If you are in any doubt about any of the contents of this document, you should obtain independent professional advice. For materials which constitute product advertisement under the Securities and Futures Act and the Financial Advisers Act, this advertisement has not been reviewed by the Monetary Authority of Singapore. JPMorgan Chase Bank, N.A., a national banking association chartered under the laws of the United States, and as a body corporate, its shareholder’s liability is limited.

With respect to countries in Latin America, the distribution of this material may be restricted in certain jurisdictions. We may offer and/or sell to you securities or other financial instruments which may not be registered under, and are not the subject of a public offering under, the securities or other financial regulatory laws of your home country. Such securities or instruments are offered and/or sold to you on a private basis only. Any communication by us to you regarding such securities or instruments, including without limitation the delivery of a prospectus, term sheet or other offering document, is not intended by us as an offer to sell or a solicitation of an offer to buy any securities or instruments in any jurisdiction in which such an offer or a solicitation is unlawful. Furthermore, such securities or instruments may be subject to certain regulatory and/or contractual restrictions on subsequent transfer by you, and you are solely responsible for ascertaining and complying with such restrictions. To the extent this content makes reference to a fund, the Fund may not be publicly offered in any Latin American country, without previous registration of such fund’s securities in compliance with the laws of the corresponding jurisdiction.

JPMorgan Chase Bank, N.A. (JPMCBNA) (ABN 43 074 112 011/AFS Licence No: 238367) is regulated by the Australian Securities and Investment Commission and the Australian Prudential Regulation Authority. Material provided by JPMCBNA in Australia is to “wholesale clients” only. For the purposes of this paragraph the term “wholesale client” has the meaning given in section 761G of the Corporations Act 2001 (Cth). Please inform us if you are not a Wholesale Client now or if you cease to be a Wholesale Client at any time in the future.

JPMS is a registered foreign company (overseas) (ARBN 109293610) incorporated in Delaware, U.S.A. Under Australian financial services licensing requirements, carrying on a financial services business in Australia requires a financial service provider, such as J.P. Morgan Securities LLC (JPMS), to hold an Australian Financial Services Licence (AFSL), unless an exemption applies. JPMS is exempt from the requirement to hold an AFSL under the Corporations Act 2001 (Cth) (Act) in respect of financial services it provides to you, and is regulated by the SEC, FINRA and CFTC under U.S. laws, which differ from Australian laws. Material provided by JPMS in Australia is to “wholesale clients” only. The information provided in this material is not intended to be, and must not be, distributed or passed on, directly or indirectly, to any other class of persons in Australia. For the purposes of this paragraph the term “wholesale client” has the meaning given in section 761G of the Act. Please inform us immediately if you are not a Wholesale Client now or if you cease to be a Wholesale Client at any time in the future.

This material has not been prepared specifically for Australian investors. It:

  • May contain references to dollar amounts which are not Australian dollars;
  • May contain financial information which is not prepared in accordance with Australian law or practices;
  • May not address risks associated with investment in foreign currency denominated investments; and
  • Does not address Australian tax issues.

References to “J.P. Morgan” are to JPM, its subsidiaries and affiliates worldwide. “J.P. Morgan Private Bank” is the brand name for the private banking business conducted by JPM. This material is intended for your personal use and should not be circulated to or used by any other person, or duplicated for non-personal use, without our permission. If you have any questions or no longer wish to receive these communications, please contact your J.P. Morgan team.

© 2024 JPMorgan Chase & Co. All rights reserved.

LEARN MORE About Our Firm and Investment Professionals Through FINRA Brokercheck

 

To learn more about J.P. Morgan’s investment business, including our accounts, products and services, as well as our relationship with you, please review our J.P. Morgan Securities LLC Form CRS and Guide to Investment Services and Brokerage Products

 

JPMorgan Chase Bank, N.A. and its affiliates (collectively "JPMCB") offer investment products, which may include bank-managed accounts and custody, as part of its trust and fiduciary services. Other investment products and services, such as brokerage and advisory accounts, are offered through J.P. Morgan Securities LLC ("JPMS"), a member of FINRA and SIPC. Insurance products are made available through Chase Insurance Agency, Inc. (CIA), a licensed insurance agency, doing business as Chase Insurance Agency Services, Inc. in Florida. JPMCB, JPMS and CIA are affiliated companies under the common control of JPMorgan Chase & Co. Products not available in all states.

 

Please read the Legal Disclaimer for key important J.P. Morgan Private Bank information in conjunction with these pages.

INVESTMENT AND INSURANCE PRODUCTS ARE: • NOT FDIC INSURED • NOT INSURED BY ANY FEDERAL GOVERNMENT AGENCY • NOT A DEPOSIT OR OTHER OBLIGATION OF, OR GUARANTEED BY, JPMORGAN CHASE BANK, N.A. OR ANY OF ITS AFFILIATES • SUBJECT TO INVESTMENT RISKS, INCLUDING POSSIBLE LOSS OF THE PRINCIPAL AMOUNT INVESTED

Bank deposit products, such as checking, savings and bank lending and related services are offered by JPMorgan Chase Bank, N.A. Member FDIC.

Not a commitment to lend. All extensions of credit are subject to credit approval.

Equal Housing Lender Icon