PROTECT YOUR
WEALTH ONLINE

 

Altoo, a Swiss wealthtech company operating an independent wealth management platform  founded in 2017 by asset owners with years of experience managing multi-generational capital, empowers wealthy individuals and their families to consolidate and interact intuitively with their total wealth. Their advanced wealth aggregation management system is working to change the tide of cybersecurity threats with industry-leading systems and monitoring. Amongst its many pioneering features include three-factor authentication.

​

"The cybercrime industry is on a steep rise, as many studies show, and it is now a multi-billion market," says Stefan Thiel, CTO of Altoo. "With the Internet of Things, and an ever-increasing  umber of devices reachable by the internet, from everywhere by everyone, the potential threats become even more manifold. Organizations must implement even more robust cybersecurity measures to prevent sophisticated attacks."

​

Re-imagining online wealth management security:

Altoo features highly encrypted communication and storage tools, a very fine granular and sophisticated authorization mechanism, intrusion detection, and advanced security vulnerability testing, to name just a few of its many security features. "Our platform is operated in a professional Tier3 data center in Switzerland with all the strict measures that protect physical access to our hardware," Thiel explains. "Additionally, our platform is produced and resides only  in Switzerland, and we hire only people based in Switzerland, ensuring a higher level of cyberattack protection."

​

"We monitor thousands of emails daily and have a lot of phishing emails, of which our email filter  catches 98%," says Thiel. "A few sophisticated emails that can bypass our systems are often  to  ITOps [IT Operations] by employees or seen by ITOps. These then help us improve our email filter  rules continuously. We also have brute force URL scanning (attacks) on our platforms  (https/443). The source IPs of such URL scans are banned after only a few improper requests to block extensive scans or misusage."

​

Ransom protection is a vital part of protecting a system from cyber attacks. "Ransom is usually  also about stealing data and threatening to publish confidential data," explains Thiel. "That is why  we only store sensitive data in an encrypted manner. Segmentation adds further hurdles for any ransom to spread. We have multiple network segments protected by inner and outer firewalls. Concepts such as "jump hosts" (hardened virtual desktops without access to the internet) protect  access to sensitive infrastructure and data. Our different operating systems in different segments  add further hurdles for any ransom malware to spread. We also have different communication  services in different, separated locations to ensure communication with authorities and clients in  case of a [partially] successful attack."

​

Protecting yourself online:

​

Thiel recommends that all online users follow a general checklist to protect themselves from  cybersecurity attacks. These include:

• Having endpoint device security installed

​

• Not installing unnecessary applications, especially ones that are for fun.

• Exercise caution around freeware – one must understand the motivation/ how somebody earns  his money; often, freeware is free because the user, his data or behavior, is the product they make  money with.

​

• Stay updated – most serious products will update themselves regularly.

​

• Don't fall for any promises – most promises are so primitive; for example, you won't win a lottery  if you do not participate. You won't inherit from unknown people. The sad thing is that  people are still fooled by these phishing emails.

​

• Finally, keep offline backups of important data.

​

Thiel also recommends that those at the forefront of preventing cybersecurity stay updated with the latest threats by attending leading industry events. However, he cautions that they should be  attended only by those who fully understand the industry. "Security is a major moneymaking business working with the fears of people that do not understand cybersecurity," Thiel explains.  "Everything labeled security implicitly has a much higher price. Such conferences provide a very  good product and service overview if you know and understand the threats in your situation and  your protection needs. One of the key things that security providers do not tell you is that adding  products and services to your dispositive is adding attack points (threat vectors), which you must consider. A good example of this was the 2020 cyberattack on SolarWinds when more than 18,000  customers installed malicious updates."

​