Protecting Your Wealth: A Cybersecurity Guide with Max Alles | Ep 26

Watch or listen to the episode below:

For our first guest episode of Long Story Short, we brought in someone who spends every day thinking about a threat that keeps many wealthy families awake at night: cybersecurity.

Max Alles is the founder and CEO of Alles Technology, a cybersecurity-focused IT firm serving wealth management and financial services organizations. Since founding the company in 2021, Max has grown Alles Technology across 18 states, supporting over 30 wealth management firms with a 98% client retention rate. He's also a Forbes Business Council member and regular contributor on practical cybersecurity strategies for business leaders.

We wanted to bring Max on because the cybersecurity landscape has changed dramatically in the past few years, particularly with the rise of AI. The threats targeting high-net-worth individuals and families have become more sophisticated and personalized. At the same time, many of the protective measures people think will keep them safe actually fall short.

The Evolving Threat Landscape

Max started by addressing the number one cyber threat facing wealthy families today: spear phishing. Unlike bulk phishing emails sent to thousands of people hoping to catch a few victims, spear phishing involves highly targeted attacks customized to you specifically.

These attacks are designed based on your history, the people you know, and the activities you're involved with. With AI making these messages increasingly convincing, they're becoming harder to detect. The threat extends beyond email too. Spear phishing can come through social media accounts, physical mail (which has no spam filter), phone calls, and text messages.

The second major threat Max highlighted was SIM swapping attacks. This is where a bad actor clones your cell phone SIM card so they can start receiving copies of your text messages. The goal? Capturing your multifactor authentication codes. Max has seen cases where criminals use this access to call banks or investment institutions and transfer money using phone banking, since the phone number itself serves as authentication.

Three Steps You Can Take Today

When Andy asked for practical, high-impact steps regular people can take to reduce their cyber risk, Max provided three specific actions:

First, protect yourself against AI voice cloning scams. Criminals can now clone someone's voice using samples from social media, voicemail recordings, or even those spam calls that seem designed just to get you talking. The defense strategy has two parts: Use a generic voicemail that doesn't feature your voice (or have someone else record it for you), and establish a family password. If a family member calls claiming to be in trouble, they must provide this password before you take any action. This simple protocol can prevent devastating scams where criminals impersonate loved ones to extract emergency funds.

Second, whenever you have the option, use an authenticator app instead of text message authentication for multifactor verification. This applies to social media, email, and especially financial institutions. While multifactor authentication dramatically reduces your risk, text-based codes remain vulnerable to SIM swapping attacks.

Third, if you're using a PC (Macs have stronger built-in security), make sure you're using a password manager like LastPass, Dashlane, or 1Password. These heavily encrypted services protect your credentials against theft. Many people don't realize how easy it is for a bad actor to steal all your passwords from Chrome, Edge, or Firefox if you accidentally click on a phishing link. You might never even know your credentials have been compromised.

Why Multifactor Authentication Isn't Enough

One of the most important points Max made was about the false sense of security that comes from setting up multifactor authentication. While it absolutely reduces your risk, it doesn't make you invulnerable. Bad actors continue developing schemes to access accounts despite these protections.

The key is maintaining vigilance. Only click on links you're expecting. Only open attachments you're anticipating. If something arrives out of the blue, call the sender and verify before taking action. As Max put it, cybersecurity is never convenient, but it's very necessary.

Coordinating Protection Across Your Financial Team

Andy raised an important point about the complexity of working with multiple financial professionals. When you have a financial advisor, attorney, tax advisor, and real estate agent all handling sensitive information, how do you ensure everyone is maintaining proper cybersecurity standards?

Max explained that financial advisors face strict SEC requirements around data protection, but your tax accountant or attorney may not have the same level of regulation. This means you need to ask hard questions to everyone you work with, especially when handing over sensitive information. How are you protecting your firm's data? What cybersecurity measures do you have in place?

You can compare answers across different firms to gauge whether you're working with a group of professionals who take cyber protection seriously, or whether you need to consider making changes. As Max emphasized, you're only as strong as your weakest link. If someone can break into one business that has access to your personal data, they have a way to compromise your credit history and financial accounts.

Another critical practice Max highlighted: Use file share links when sending sensitive documents. Either the professionals you work with should be able to provide secure sharing options, or you should establish your own system. Avoid sending sensitive data over email, which isn't secure. If someone compromises your email or a partner's email, they can access those documents and use the information to design even more sophisticated attacks targeting you.

A Reason for Optimism

Adam asked Max about the developments helping protect against these threats rather than just amplifying them.

Max pointed out that while AI is being used by bad actors, it's also being deployed by thousands of cybersecurity professionals to fortify systems and develop new ways to detect threats. Over time, this should make it harder for phishing emails to reach your inbox in the first place. The FBI has also been doing strong work focusing on cyber terrorism and cracking down on these operations.

While we need to prepare for the downsides and take the protective steps Max outlined, AI could eventually help move cybersecurity outside of something we have to think about constantly. We're not there yet, but the trajectory is promising.

Taking Action

The cybersecurity threats facing high-net-worth families are real and evolving. But they're not insurmountable. The steps Max outlined don't require technical expertise or expensive systems. They require awareness, intentional choices about how you handle sensitive information, and asking the right questions of the professionals you work with.

Start with the basics: Set up that family password. Switch to a password manager. Use authenticator apps instead of text messages. Change your voicemail to a generic recording. These simple changes can dramatically reduce your vulnerability to the most common and damaging attacks.

Putting It All Together

Asset allocation isn't about predicting next year's hot performer. It's about building a portfolio you can stick with through all market environments while achieving your long-term goals.

The right allocation balances your personal risk tolerance with your portfolio's income needs. It combines cash for emergencies, bonds for stability and income, stocks for long-term growth, and potentially alternatives for additional diversification.

This decision deserves thoughtful annual review. Not constant tinkering based on headlines, but periodic reassessment as your life circumstances and financial needs evolve.

If your portfolio is growing over time and you can sleep at night when markets sell off, you've probably gotten your asset allocation right. That's the goal.

Listen to the full conversation on Long Story Short: