Family Office Security: The Questions I Hear the Most
As the lead of our Private Client + Family Office Services, you will often find me at events hosted by one of our industry partners. I graciously accept the opportunity to speak to gatherings of ultra-high net worth families and family office directors on a wide range of security risk management priorities. When the time comes for my audience to ask questions, I get a lot of them. Not because I’m not thorough in my presentations, but because my talk often conjures up risks and vulnerabilities families are facing but had no idea even existed.
After many of these engagements, a few themes have emerged. Here are some of the most common questions that I receive. Hopefully, my answers — if described in broad strokes — may be useful to anyone reading at home or simply wondering how to begin strengthening their family’s approach to security.
“What are you seeing in the space right now?”
This is probably the most popular question I receive, and it often translates to, “What do I need to be most concerned about?” Given the nature of the question, my answer evolves along with the threat landscape. But as of right now, I’m primarily concerned with cybersecurity, home security due to rising crime rates and social unrest, and social media privacy.
Those with malicious intent, either state-sponsored organized crime or individual hackers, have found that people who work in corporate environments have fairly robust security measures protecting their IT structure and environment. But that same security environment doesn’t carry over into the personal space, and cybercriminals have taken notice. C-suite individuals in particular are at risk, even when signing onto a residential Wi-Fi without the same layered protections. The pandemic, which resulted in more people working at home in less secure cyber environments, has led to a new area for cybercriminals to target — and they have been successful at it.
Local police in many jurisdictions have been stretched due to increased crime and other factors, resulting in longer response times for some criminal activity. It may take longer for law enforcement to respond to acts of trespass, suspicious persons around a home and even burglary of a home. Ensuring that you can be safe in your home for a longer period of time is necessary. In addition to enhancing basic security measures like intrusion detection systems and video surveillance, it may be time to consider identifying and equipping a safe area inside the home that will provide your family with safe harbor for an extended period of time.
Similarly, the proliferation of social media also creates a host of privacy issues for private clients. It’s important that a family, and each of its members across all generations, understand the risks associated with the information they share on public forums like Facebook, Instagram and Twitter. Social media audits, exposure assessments and monitoring can help identify vulnerabilities in the family’s social media habits, such as taking pictures on vacation or even revealing the names of pets.
“What scams are taking place?”
When I’m asked this, it isn’t usually in response to unrelenting robocalls or phishing emails, though we warn against those as well. People are more so concerned about threats in the context of family offices.
One of our major concerns is always the family’s insider threats: people. From financial advisors to nannies and chefs, an insider threat is anyone who has privileged access to the family’s private information and systems and may have an opportunity to commit fraud and theft, violate trust, or undermine privacy, intentionally or unintentionally.
For example, a nanny taking photos could divulge important information, such as where a child goes to school or their activities. Another example is a property manager who handles extremely sensitive details about the contents of a home, which could get into the wrong hands. Unintentional oversharing can usually be dealt with by educating staff on security risks and putting clear restrictions in place. Intentional information breaches are much more complex and could require extensive investigations and mitigation tactics. My intention here is not to instill fear in families but to inform them. Education and awareness go a long way toward uncovering potential threats and mitigating the impact of an incident.
“What can we do right now to improve our security?”
We stress that taking the proper precautions and enlisting the right services will go a long way in securing a private client’s assets. But for those who sense that they may be vulnerable, time is of the essence. Our first line of defense, and something most individuals can take care of on their own, is device security. In our increasingly cloud-based world, the security of our mobile devices can be a huge area of vulnerability.
Password management on your phone is a really easy thing that many people overlook. Everyone should be taking advantage of the security features their phone has to offer. Setting up fingerprint or face scanning access can take just a few seconds and adds a much stronger barrier against unauthorized access. Many people have extremely easy Wi-Fi passwords because they want them to be convenient. But people don't realize that those passwords can be broken or compromised in mere seconds. As I mentioned before, it is common for executives to log in to work from home. Sharing important files or even sending and receiving emails on a supposedly secure Wi-Fi channel with an easily hacked password puts both the executive and company at risk. To my audiences, I stress the importance of creating more complex passwords and changing them regularly.
“Where is it safe/not safe to travel?”
This question comes due to the pandemic as well as perceived travel-related risks.
Given my background as a former member of the Secret Service, audiences sometimes assume that I have an inside track on global security risks. The truth is that the government provides a wealth of information on potential risks around the world, particularly for travel abroad. Anyone can review the latest travel advisories on the U.S. government’s international travel site, Travel.State.Gov. The CDC provides guidelines, travel restrictions and warnings related to the pandemic.
Risks associated with factors such as kidnapping and terrorism are usually on the mind of high-net-worth individuals who commonly travel abroad for business or with family. People tend to rarely think about what they will do in the event of an emergency while traveling. How will they respond to an emergency? Are they prepared to evacuate their hotel or facility? Who will they contact — and how — if their normal devices and channels are lost or compromised?
This is why we suggest — and provide to our clients — a robust travel itinerary that includes important information, like emergency and nearby embassy contacts, open-source intelligence regarding any socioeconomic unrest in the area, research on local customs and any crime trends, and transportation information, among other topics. At the very least, we always recommend subscribing to the Smart Traveler Enrollment Program, the State Department’s mass notification system for alerts and travel advisories.
Ultimately, there are no bad questions in life, especially in the security world when you are seeking to protect yourself and those close to you. This is why, after a long career in the White House as the Special Agent in Charge of the Presidential Protective Division, I wanted to share what I knew with as many people as possible.