Combating Insider Threats in Family Offices
Summary
Family offices face novel but predictable risks from insider threats—individuals within the trusted circle who may intentionally or unintentionally compromise sensitive information, assets, or personnel. Below, we look at the unique challenges that family offices face when managing insider threats, which are exacerbated by factors such as remote work, diverse insider profiles, a lack of regular background check programs, survivorship bias, and a lack of formal security infrastructure.
Insider threats can come from a variety of sources, including employees, former employees, contractors, vendors, and family members. The motivations for these threats vary, including financial gain, personal grievances, ideological beliefs, and, commonly, simple negligence.
We discuss insider threat indicators, common misconceptions about implementing an insider threat program, the importance of developing a comprehensive Insider Threat Management Program (ITMP) tailored to the specific needs of family offices, and a framework for developing your own family office insider threat protection program.
Proactive management of insider threats is an effective strategy that can protect a family's financial well-being while also ensuring the family's long-term security, privacy, reputation, and legacy.
Introduction
Risk management strategies: wealthy families know them well, and they’re no strangers to implementing them.
With great technological innovations have come unprecedented conveniences and opportunities, of course. Yet, these same innovations have also ushered in novel risks. The same advancements that empower family offices to efficiently manage their affairs have become avenues for malicious insiders to exploit.
Given the increase in opportunity, one significant challenge that family offices increasingly face is managing insider threats.
These threats, originating from within the trusted circle of employees and associates, pose a unique challenge to traditional risk management approaches. Due to their nature, family offices often lack the resources and strategies to help prevent and detect such threats. This leaves them vulnerable to even well-intentioned insiders—or worse, attractive targets to those with malicious intent.
Growth of remote work has presented family offices with even greater, more modern challenges in addressing insider threats. A more flexible working style can lead to a breakdown in interpersonal relationships as well as an inability to spot potential risky activities by colleagues. When you’re not in the same space, it can be difficult to notice behavioral changes associated with nefarious insiders. In addition, work activities are carried out using systems that are not located in a secure, central environment.
Insider threats in family offices can arise from anyone with access to sensitive information—whether employees, advisors, contractors, or even family members themselves. These threats can jeopardize not only the financial well-being of the family but also their reputation, safety, and privacy.
Below, we’ll explore the nature of insider threats in family offices and provide a framework for better protection against the risks they pose.
What are insider threats?
An insider is a trusted individual in your organization who has knowledge of or access to your physical and digital assets.
Typically, you would think of insiders as your current employees or family members — but it goes further than that. Insiders can also be former employees who still have intimate knowledge of your operations, strategic plans, or IT networks. They can also be third parties such as consultants and vendors.
So, insider threats occur when these individuals with legitimate access deliberately or unintentionally jeopardize the organization's goals, privacy, sensitive information, assets, or personnel. These incidents, either intended or not, can result in a wide range of damages. Fortunately, organizations can implement effective strategies to anticipate, mitigate, and respond to them.
Insiders are not all the same
Insiders and the level of threat that they pose can vary based on the sensitivity of their access within your organization. Plus, what is critical for one family may be less important to another—depending on their priorities, one may respond differently than the other to issues of access. For example, consider the various levels of sensitivity in the examples below and how they relate to your circumstances:
Family office finance manager with access to financial records, bookkeeping, accounting records, legal agreements, and bank accounts
Former family office employee who had access to sensitive documents
Administrative professional with physical access to office areas, personal schedules, communications, and confidential family matters
Security personnel, both cyber and physical, who are intimately familiar with private, confidential aspects of the family
Cloud service provider's employee with access to hosted data
Outsourced payroll processor with access to family member and family office employee information
Software engineer at a consolidated investment reporting vendor with access to source code in a piece of technology
Family member working as an intern in the family office
Custodial staff or HVAC technician with after-hours access to office spaces
Spouse using a family office employee's work laptop at home for personal purposes
Investment advisor with access to portfolio details, investment strategies, and financial projections.
Friend given temporary access to the family office Wi-Fi network or an employee's work phone
Art and collectible curator or appraiser with access to information about valuable assets and their locations
Philanthropy or political advocacy consultant with access to information about charitable giving strategies, family values, and political donation plans
Yacht or private jet crew with physical access to family members and potential information overheard from sensitive conversations
Personal trainer or nutritionist with regular contact with family members and access to health information
Smart home technology installer with access to home networks and potential connected devices with sensitive information
Any third-party family office vendors with access to customer data and personally identifiable information (“PII”)
- Examples of PII include social security numbers, addresses, biometrics, passwords, account numbers, social media account logins, legal records, etc.
What does an insider attack look like?
Insider attacks happen when people who have rightful access, whether it’s on purpose or by mistake, endanger the organization's objectives, confidentiality, critical data, resources, or staff.
In this situation, someone has trusted access to the family and family office and reveals sensitive information to parties who should not have it. Families might see this through issues such as unauthorized data access, workplace violence, sabotage, corporate espionage, intellectual property theft, or inadvertent disclosure of sensitive information.
Downloading or accessing unusually large amounts of family office data
Accessing sensitive data not related to their family office role
Using unauthorized external storage devices
Emailing sensitive family office data to outside parties
Entering the family office spaces or logging into networks outside of normal working hours
Attempting to bypass access controls and family office protocols
Posting confidential family office information on social media accounts
Displaying disgruntled behavior towards colleagues
Repeatedly violating family office policies
Using devices to eavesdrop on confidential family conversations
Uploading sensitive family office data to personal cloud accounts
Altering family office procurement processes to favor specific or fake vendors
Why are Insider Threats Relevant to Family Offices?
Underestimation of Risks:
Family offices often underestimate — or sometimes, just overlook — potential threats for various reasons.
- Lack of industry-specific threat data and benchmarks
- Survivorship bias leading to complacency after long periods of success
- False sense of security from perceived anonymity
Complex Insider Profiles:
Family offices have a diverse range of potential insiders, including family members, employees, advisors, and external vendors. This variance increases the complexity of managing insider threats due to differing access levels and roles.
High-Value Targets:
Family offices manage substantial financial assets and sensitive personal information, making them attractive targets for external bad actors and malicious insiders seeking to financially gain or exploit valuable information.
Unique Operational Structure:
Many family offices operate with lean teams and lack formal security infrastructure.
- Employees often have multi-role access, increasing the potential impact of insider threats. Family offices can also be small, close-knit teams requiring high levels of trust.
- Family offices frequently have less formal governance structures compared to larger institutions of the same complexity and asset size.
- If the family operates in multiple parts of the world, its family office is vulnerable to risks across different jurisdictions and can be exposed to geopolitical risks.
Reputation and Privacy Concerns:
Family offices demand discretion and are highly reputation-conscious.
- Insider threats can lead to public scandals or legal issues that damage the family's social standing and threaten business opportunities.
- Personal safety risks may arise if information about family members' routines or security measures is exploited.
Evolving Threat Landscape:
The cybersecurity landscape is continuously evolving. Established hacker methodologies like phishing, business e-mail compromise and social engineering are being augmented with AI – making the threats less predictable and more sophisticated. Hackers are increasingly looking at vulnerable third parties associated with family offices like outsourced IT service providers. In addition to complex attacks that take advantage of vulnerabilities in SMS messaging or watering hole websites, the threats are always evolving and adapting to defenses that have worked in the past.
Regulatory Compliance:
Insiders might exploit their knowledge to circumvent compliance requirements, potentially leading to legal and financial consequences for the family office.
Lack of Background Check Program:
Before hiring a family office employee, the majority of families will conduct some form of background check. This practice is less common when engaging with a vendor, though. Moreover, recurring and multi-faceted background checks on family office staff and third-party risk assessments are infrequently performed.
Challenges in the Risk Management Industry:
Families may lack knowledge about available risk management services and what constitutes "excellent" risk management. Unfortunately, risk management services are frequently ignored by skeptical families due to fear-mongering marketing tactics.
Why do Insider Threats occur and how can you spot them?
Insider Threat Motivations
There are numerous triggers that might drive an insider to misuse their authorized access within an organization. Although unintentional insider threats are frequently the result of negligence or a lack of awareness of risk management policies and protocols, the following are some examples of motivations behind intentional bad actors.
Financial Gain:
Exploiting access for personal profit
Ideological Beliefs:
Acting based on personal convictions
Personal Crises:
Financial, health, or emotional distress leading to desperate actions
Revenge:
Acting against the organization due to perceived wrongs
Ego:
Seeking personal gratification through deception
Coercion:
Being forced to act against the organization due to blackmail or manipulation
Espionage:
Gathering information for competitors or nation states
Insider Threat Indicators
Insider threat indicators can signal potential risks within an organization—especially when we consider intentional insider threats. Poor employee performance may suggest disengagement or even intentional sabotage. Less apparent examples, like employees using passwords that express dissatisfaction with their employer, might indicate underlying frustrations that could lead to malicious actions. (For example, “IH8TEthisJOB.”) Other indicators include:
Refusal to adhere to established risk management policies and procedures
Financial obligations and excessive debts
Grievances over not getting promoted or recognized at work
Impending termination of a contract or job
Unusual surges in network traffic that may indicate the download or transfer of sensitive data
Excessive or unexplained authorization requests for access to drives, documents, or applications beyond specific family office business needs
Unintentional threats often come from a family’s failure to follow risk management policies (or lack of policies) or from human error by insiders. Human errors might look like a misaddressed email that inadvertently sends sensitive documents to unauthorized recipients, an accidental click on a malicious hyperlink, the opening of a dangerous phishing email attachment, or improper physical disposition of sensitive documents or data-bearing devices.
Why should family offices develop an Insider Threat Management Program?
An Insider Threat Management Program (ITMP) can effectively prevent, detect, and respond to individuals who misuse their authorized access to harm the organization. ITMPs can help your office:
Protect personal data:
Prevent theft or loss of personal data.
Increase safety:
Enhance the overall security posture to protect family members and staff from potential threats.
Ensure compliance:
Mitigate legal and regulatory impacts like litigation costs.
Adapt to remote work:
Address the unique challenges and vulnerabilities caused by remote work environments.
Preserve reputation:
Avoid family brand damage and maintain trust among internal and external family stakeholders.
Safeguard intellectual property:
Protect critical data and intellectual property from theft.
Common Misconceptions about Insider Threat Management Programs
Family offices who misunderstand the purpose of insider threat programs can impede their effective implementation—or even the consideration of these strategies altogether. Here’s how to combat them:
Intrusive Monitoring
A common belief is that ITMPs require extensive data collection that invades employee privacy. However, effective programs focus on capturing actionable data while still respecting the discretion of family members and the legal rights to privacy of employees.
Profiling Employees
ITMPs are not designed to profile employees—something that could lead to legal or regulatory risks. Instead, these programs are legally and ethically executed to focus on identifying specific behaviors and patterns associated with increased risk. They don’t profile based on personal characteristics.
Punitive Nature
ITMPs are not designed to penalize employees for mistakes. Successful programs, rather, foster a security-conscious environment built on trust and transparency. They focus on behavior change rather than punishment.
High Cost
ITMPs are perceived as expensive. When put into action, though, they can reduce costs by preventing incidents and minimizing impact through early detection and response.
Cyber-Only Focus
Many believe that insider risk is exclusively a cyber issue. Effectively avoiding insider threats necessitates collaboration across a family office organization, on and offline.
How to get started on Insider Threat Management?
A Framework for Family Offices
Assess
Design
Train
Monitor
Adapt
ASSESS
Underestimation of Risks:
First, conduct comprehensive risk assessments to understand the dynamics and vulnerabilities unique to your family office environment.
Identify and Assess Insiders
Review organizational structure with an emphasis on access to sensitive information. Assess varying risks posed by insiders within your environment.
Analyze Across Risk Domains:
Consider risks across the ten domains of risk (privacy, reputational, technological, financial, legal & regulatory, strategic, operational, physical, political, and health) to develop a holistic understanding of potential threats.
DESIGN
Develop Strategy
Create a tailored, prevention-focused insider threat management strategy that addresses your specific needs.
Establish Policies
Implement clear policies and procedures for handling sensitive information, operations, and access controls.
Define Roles and Responsibilities
Assign specific roles for monitoring and responding to insider threats to ensure accountability.
TRAIN
Conduct Awareness Programs
Educate family members, employees, advisors, vendors, and contractors about the risks and indicators of insider threats.
Regular Training Sessions
Provide ongoing training — everyone should understand their personal role in protecting sensitive information and assets.
Promote Security Culture
Foster a culture of security awareness and vigilance.
MONITOR
Implement Monitoring Systems
Use continuous monitoring systems to detect unusual or suspicious activity. Develop employee and family member programs that encourage the reporting of anomalies.
Leverage Advanced Tools
Use real-time and novel tools for behavior analysis and anomaly detection to identify potential threats.
Regularly Review Logs
Conduct regular reviews of access logs and network activity to spot irregularities.
ADAPT
Update Program Regularly
Review and update your insider threat management program to address evolving threats, family, or organizational changes.
Refine Monitoring Techniques
Continuously test monitoring techniques for optimal effectiveness.
Reassess Risk Profiles
Periodically reassess risk profiles and adjust security strategies as needed.
How can you protect your family office against Insider Threats?
To get started, family offices should consider adopting a comprehensive Insider Threat Management Program (ITMP) that addresses vulnerabilities across multiple risk domains. Here, we’ve provided a framework designed to enhance your office’s resilience by safeguarding your assets, reputation, and privacy.
At Presage Global, we’re ready to help you build a robust Insider Threat Management Program. Partner with us to gain access to cutting-edge strategies, expert guidance, and the tools necessary to detect, mitigate, and prevent insider threats before they can cause harm. Don’t wait until an issue arises—instead, take the first step towards fortifying your family office today. Allow us to help you create a secure place where your family and its legacy will thrive.