As the lead of our Private Client + Family Office Services, you will often find me at events hosted by one of our industry partners. I graciously accept the opportunity to speak to gatherings of ultra-high net worth families and family office directors on a wide range of security risk management priorities. When the time comes for my audience to ask questions, I get a lot of them. Not because I’m not thorough in my presentations, but because my talk often conjures up risks and vulnerabilities families are facing but had no idea even existed.
After many of these engagements, a few themes have emerged. Here are some of the most common family office security questions that I receive in the hope that my answers – if described in broad strokes – may be useful to anyone wondering how to begin strengthening their family’s approach to security.
“What are you seeing in the space right now?”
This is probably the most popular question I receive, and it often translates to, “What do I need to be most concerned about?” Given the nature of the question, my answer evolves along with the threat landscape, but as of right now I’m primarily concerned with cybersecurity and social media privacy.
Those with malicious intent, either state-sponsored organized crime or individual hackers, have found that people who work in corporate environments have fairly robust security measures protecting their IT structure and environment. But that same security environment doesn’t carry over into the personal space, and cybercriminals have taken notice. C-suite individuals, in particular, are at risk, even when signing onto a residential Wi-Fi without the same layered protections.
Similarly, the proliferation of social media also creates a host of privacy issues for private clients. It’s important that a family – and each of its members, across all generations – understand the risks associated with the information they share in public forums like Facebook, Instagram, Twitter and many others. Social media audits and exposure assessment and monitoring help identify vulnerabilities in the family’s social media habits – such as taking pictures on vacation or even revealing the names of their pets.
“What scams are taking place?”
When I’m asked this, it isn’t usually in response to unrelenting robo-calls or phishing emails – though we warn against those as well – but more so in the context of family offices.
One of our major concerns is always a family’s insider threat: people, from financial advisors to nannies and chefs, who have privileged access to the family’s private information and systems and may have an opportunity to commit fraud or theft or, whether intentionally or not, violate trust and undermine privacy.
For example, a nanny taking photos could divulge important information, such as where a child goes to school or their activities. Another example is a property manager and how to handle extremely sensitive details about the contents of a home, which could get into the wrong hands. Unintentional over-sharing can usually be dealt with by educating staff on security risks and putting clear restrictions in place. The intentional information breaches are much more complex and could require extensive investigations and mitigation tactics. My intention here is not to instill fear in families, but to inform. Education and awareness go a long way in uncovering potential threats and mitigating the impact of an incident.
“What can we do right now to improve our family office security?”
We stress that taking the proper precautions and enlisting the right services will go a long way in securing a private client’s assets, but for those who sense that they may be vulnerable, time is of the essence. Our first line of defense – and something most individuals can do on their own – is device security. In our increasingly cloud-based world, the security of our mobile devices can be a huge area of vulnerability.
Password management on your phone is a really easy thing that many people overlook, Everyone should be taking advantage of the security features their phone has to offer. Setting up fingerprint or eye scanning access can take just a few seconds and adds a much stronger barrier against unauthorized access. Many people have extremely easy Wi-Fi passwords because they want them to be convenient, but people don’t realize that those passwords can be broken or compromised in mere seconds. As I mentioned before, it is common for executives to log-in to work from home. Sharing important files or even sending and receiving emails on purportedly secure Wi-Fi channels with an easily hacked password puts both the executive and the company at risk. To my audiences, I stress the importance of creating more complex Wi-Fi passwords and changing them regularly.
“Where is it safe/not safe to travel?”
Given my background as a former member of the Secret Service, audiences sometimes assume that I have an inside track on global security risks. The truth is that the government provides a wealth of information on potential risks around the world, particularly for travel abroad. Anyone can review the latest travel advisories at on the U.S. government’s international travel site, travel.state.gov.
Risks associated with factors such as kidnapping and terrorism are usually on the minds of high-net-worth individuals for whom travel abroad – on business or with family – is commonplace. What people tend to rarely think about is what they will do in the event of an emergency while traveling. How will they respond to an emergency? Are they prepared to evacuate their hotel or facility? Who will they contact – and how – if their normal devices and channels are lost or compromised?
This is why we suggest – and provide to our clients – a robust travel itinerary that includes important information like emergency and nearby embassy contacts; open-source intelligence regarding any socioeconomic unrest in the area; research on the local customs and any crime trends; and transportation information, among other topics. At the very least, we always recommend subscribing to the Smart Traveler Enrollment Program, the State Department’s mass notification system for alerts and travel advisories.
Ultimately, there are no bad questions in life – especially in the security world when you are seeking to protect you and those close to you. This is why I joined the Hillard Heintze team after a long career in the White House as the Special Agent in Charge of the Presidential Protective Division: I wanted to share what I knew with as many people as possible.