In our ‘always on’ world, with the lives of many successful individuals being shared and scrutinised online, family principals and by extension their family offices and loved ones – are increasingly at risk of having their privacy and security exposed.
Addressing this risk proactively means having the right plans and advisors in place. It is also critical to recognise that even though you may feel secure now, unforeseen events or triggers may increase your vulnerability to attack. These triggers can include, but are not limited to: high-value mergers; contract terminations; bad leavers; legal battles; moving funds out of certain jurisdictions; or regime change in countries that are key to your business or family interests.
You might also notice early warning indicators that you are being targeted as part of a hostile campaign. Facing obstacles such as restrictions on your freedom of movement or new travel or visa hurdles, or noticing signs that your movement is being monitored, should prompt you to review your physical and cyber security and remain alert to heightened risks.
Now, then, is a crucial time to assess whether the physical and digital security of you and your family is being prioritised.
Five steps you can take now:
1. Get interested in your data before someone else does
Being cautious about what you share publicly should not come as news – but digging into what information is out there about you may not be something that you have investigated before. By pre-emptively finding out what is already available in the public domain, you can help close any privacy gaps and mitigate security risks.
In an age of connectivity and big data, it only takes one small nugget of your personal information to help a hostile party to start ‘mining’ public sources for more. The most obvious of these sources is social media: uploading photographs; biographical data; names of family members; and even geotagging our favourite locations, including homes and holiday destinations, are all treasure troves of information in the wrong hands.
Information may appear benign in isolation, but once assembled, can be of great interest to a third-party intent on targeting you. Think of the risk of theft when your address is known, and when the fact you are on holiday is published on Instagram (read: no-one’s home).
Also consider publicly accessible registries or company information – what data do these records contain? This type of information is often shared without even a thought to privacy or security.
2. Understand your level of tolerance to third party actions
Some interference from hostile entities, whether the media or a state, may be an acceptable and manageable risk depending on your sector or jurisdiction. It is important, though, to set your thresholds and stick to them. Often when these things happen slowly over time, the creep towards giving up freedoms or liberty means you are more accepting of minor infractions – but before you know it, you have lost control. At times of proactive planning, it is useful to draw the line in the sand and decide when you feel the action of third parties will become unacceptable.
3. Monitor and record suspect activity
Keep records of any suspicious or malicious activity and be prepared to provide information and access to professionals if an issue does begin to manifest. This may be anything from suspicious emails, restrictions on your actions, or being followed: trust your instincts if it doesn’t seem in-keeping with the norm.
What might seem like one-off events may combine with future activity to paint a more worrying picture – and having all the facts from the start will make it easier to act when things escalate. By having a clear record, the ability to identify a culprit and enact a plan quickly will
save considerable uncertainty.
4. Review your current security provision
It’s a good idea to assess what physical and digital security you currently have in place. Do you, for example, have protocols, personnel and procedures for events and travel? And do you have a plan – that’s been tested – for security breaches, should they arise?
When it comes to digital security, it’s important that technology and software are regularly updated, and where possible, two factor authentication is set up. Education and awareness is very much a part of protecting your digital and cyber security, so training for you and your staff on issues such as how to spot a phishing email, may be a useful exercise. If not already implemented, ensure you conduct regular bug sweeps of your home and offices.
5. Have a plan in place.
It’s important to have a plan in place, however skeleton, to deal with a threat manifesting. The plan may cover, for instance, contingencies for if you are targeted or disappear. The plan should be developed and created by key stakeholders, such as your legal, financial, and PR advisors and involve key family members.
It is also prudent that you share an up- to-date response plan with a trusted advisor, possibly outside of your jurisdiction. This may include power of attorney for these advisors to act on your behalf and plans to ensure the safety of family members if you go missing. If your planning, processes, and procedures are robust, they can help navigate you and your family through a crisis.
This article was originally published in the Global Family Office Journal Volume 5. Click here to read the full article.