Sun, Jul 25, 2021

Kroll's Security Concepts Podcast

Kroll’s Enterprise Security Risk Management subject matter experts have come together, alongside special client guests, to host a podcast series discussing the world’s most pressing security challenges.
Episode 14
Providing Security Services to Family Offices and High-Net-Worth Individuals

In this episode, experts Matthew J. Dumpert and Todd Keil, Associate Managing Directors in Kroll’s Security Risk Management practice, discuss security services for family offices and high-net-worth individuals. Listen to Matt and Todd discuss Kroll’s extensive security program and services, highlight key areas of concern and how they engage with new clients. They encourage implementing a proactive, pre-emptive and preventative risk management program that not only protects the individual, but also their close personal effects.

Passages from the Episode

Kroll’s Security Program

“For a long time, we've been doing a tremendous amount of work for family offices and high-net-worth families or individuals. A lot of the times we contract either directly with family members. The services that we offer is what's important to the listeners and to the family offices and high-net-worth families themselves. What we do is we help identify risks and mitigate those risks at all times. It can be a moving target and those risks and the threat landscape for a high-net-worth family or a family office client. Like I said, is a moving target.”

“Every family office engagement we have is unique. It's different and it's nuanced just like any family. We adapt to meet the needs of the family and provide expert guidance and services to identify and mitigate all types of risks. Our ultimate goal is to help the family office navigate a terrain that's unique to high-net-worth families and leverage our expertise on a whole host of matters whenever they're needed. When you look at the depth and breadth of all of Krolls specialties, we can be a really powerful and resourceful partner for our family office clients and our high-net-worth clients.” – Matthew J. Dumpert

Threat Landscape and Key Trends

“Right now, family offices and high-net-worth clients are facing really sophisticated and targeted criminal campaigns. There's no question there's been an increase in cyber targeting across the board. When you talk about high-net-worth individuals, high-net-worth families and family office clients, that threat landscape is even more dangerous just because they are such an attractive target for sophisticated defrauding schemes. Oftentimes they're thrust into narratives on social media and then we've also helped them with their corporate leadership affiliations. A lot of our family office and high-net-worth clients still have either seats on boards or they still have connections to a corporate element and look, we've seen over the last couple of years corporations be thrust into these narratives and their board members and their executives be targeted as a result of their affiliation with the corporate element.”

“We help our clients navigate all these scenarios. And then when you look at the greater depth of Kroll's offerings, whether it's investigative, whether it's cyber forensic investigations or proactive cyber defenses or even tax and valuation and merger and acquisition advice and guidance, these are all things that we help our private client, our family office and our high-net-worth clients with.” – Matthew J. Dumpert

“The sophistication of the criminals, the sophistication of the people who are targeting high-net-worth families and family offices and family foundations, I think what that drives is that our clients need to be prepared and it's important from our perspective, the earlier we can get in even before there's an incident. If we can get in and do some sort of preventative work for the family offices, that helps us and helps them significantly down the line. One, to prevent things from happening and two, should something happen we're ahead of the game because we're dealing with very sophisticated adversaries.” – Todd Keil

“High-net-worth families are operating in a completely different threat environment than you or I or Todd and most of the folks that we come in contact with every day. Todd mentioned the sophistication of their adversaries. Not only the sophistication but we've seen particularly with high-net-worth families, it could be estranged family members. It could be known entities, whether they're part of the corporate affiliation or whether they're acquaintances that they've met through foundation work utilizing some inside information, some social networking to target the high-net-worth families. A lot of the times we see sophisticated adversaries playing the long game and by long game I mean ingratiating themselves to the family, ingratiating themselves to the family office holding a position of trust and confidence and then using that access potentially against our clients. And those are things that we're constantly on the lookout for when we talk with our family office clients and our high-net-worth clients.” – Matthew J. Dumpert

“We understand the needs of a family office in high-net-worth families and the approach we take is very nuanced and it's very discreet. We also obviously take into consideration the needs of the family. We take into consideration any sort of public relations element as we're doing our work. So, we work very closely with the families. We work very closely with their support structures, be it a family foundation or their legal representation and ensure that what we're doing is solving the problem but also doing it in such a way that it remains very private and very discreet.” – Todd Keil

Case Study – Client Credit Card Fraud 

“While everything that we do is discreet and everything we do we try to remain behind the scenes and really unknown to those around the family office and our clients. Make no mistake that our job at times requires us to deliver news that maybe we know isn't wanted or will be received in a way that disrupts or upsets our clients and that's what we're hired to do. I can give an example. We had high-net-worth client who came to us with an indication that a fraudulent attempt was made on one of their credit cards and our cyber forensics team was able to take a look at that and determine actually through the tactics and the techniques of the adversary, that it wasn't your run of the mill, couple of hundred dollar charge that was attempted by an unsophisticated criminal actor.”

“It was actually more indicative of somebody who was targeting this person specifically. Our cyber forensics teams background and those who identified this hail from the secret service and their forensics investigative division, they know what they're looking at. They know the signs and the symptoms of a sophisticated actor and they were able to highlight that immediately for the client. Now again, nobody wants to learn that information but when we see it, when we discover it, when we uncover it, we highlight it very quickly for our clients. So, everything we do is discreet but we also know that when we have to pull the lever and we have to convey important information to our clients to safeguard them from either harm or embarrassment, we will do that without hesitation or reservation.” – Matthew J. Dumpert

Family Office and High-Net-Worth Client Onboarding

“I guess I can break it into two different categories. There are really two different times where we'll be introduced to a high-net-worth family or a family office:

  • One is if there's an acute emergency. If there's something compelling right now. If there's criminal activity afoot. If a family is being threatened. If they need protection for one reason or the other. If there's an investigative need. So, that's one bucket.
  • The other is being proactive, and this is actually frankly where more of our family office clients come from. It's recognizing the shift in threat environment. It's recognizing that things are changing. They have changed. high-net-worth individuals and families are being targeted now like never before and with the level of sophistication that we've never seen before.”

“So, those are really the two buckets. Now, like I said, the two eyes, two ears and one mouth approach and that may seem fairly sophomore to say it that way, but I really mean it. The early stages are all about learning. It's all about learning the preferences, learning the desires, learning our limits, learning what the family wants, what they expect and then being able to deliver that way. We have to know the dynamic and the environment that the family operates in. When you talk about a high-net-worth individual or a family office client oftentimes there's multiple professional affiliations. There may be philanthropic work and then generally speaking, once we learn the priorities of the family, once we understand or get our arms around if there's an acute issue and acute problem, right.”

“That's where we thrust the all of Kroll approach whether its investigative protection, whatever they need we can come in and solve those problems and help them work through those. But then once the waters have calmed a bit and we have a moment to breathe, we look at the overall threat environment around the family and we like to conduct, if they haven't already, a threat assessment. We want to understand who may be threatening our clients, the capabilities of those threat actors and if there's been any historical issues of criminal targeting, of exploitation, of duress, trying to embarrass or defraud or scheme. So, that's part of our threat assessment. If they do have individuals that they know of that are trying to target them for nefarious intentions, we'll do a deep dive into those individuals and try to identify what their capabilities are. Try to identify are they close? Are they approximate? Can they actually do damage to the family? And if so, how do we mitigate that?”

“A lot of times we'll look in the early days at the residences that our families occupy. We want to make sure that the security footprint and the security posture is in parallel with the threat environment. We want to make sure that based on that threat environment that we're adequately protected and if they're not, we make recommendations on how we can improve security at the residence and that's through technology, that's your physical security and that's through personnel, if needed in extreme cases. If they have an executive protection program or an executive protection detail, a lot of the times we'll come in and conduct an assessment of that and that's assessing everything from bona fides of personnel to the way that they synthesize and analyze a threat intelligence and how that threat intelligence makes it from the analyst to the ground operator to protect our principals from, again, that harm and embarrassment.”

“And then look, there's all types of special projects. A lot of our family office clients have private aircraft. We can look into the safety and the bone fides of the crew, the facilities that they utilize, the aircraft. We look at vacation or non-primary homes, yachts, extensive travel. If children are at risk, we look at the threat environment around children and how they can be safeguarded and then we cannot ignore and spend a lot of time looking at the cyber infrastructure and the footprint of our clients. Cyber hygiene is critically important and if somebody is, quote unquote, sloppy in their cyber hygiene and maybe leaking personal information that can be used against them, we help identify that, educate our clients and highlight how those pieces of information may be used in a targeting campaign against them.” – Matthew J. Dumpert

Talk to a Kroll Expert

Kroll is ready to help, 24/7. Use the links on this page to explore our services further or speak to a Kroll security risk management expert today via our contact page.

Business Continuity, Resilience and Disaster Preparedness

In today’s fast-paced world, disruptions can happen anytime. Kroll’s full suite of business continuity, resiliency and disaster preparedness capabilities is designed to prepare your enterprise for unexpected risks and maintain competitiveness throughout the full lifecycle of any disruption.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.