If you've been recruited by me, I've likely had you sign an NDA. In the world of family offices and government, these are so standard that I forget there's a world where recruiters can openly share who they work for.
It came to mind recently when a potential client experienced a security breach in their home office. Shockingly, this UHNW individual did not background check their employee before granting them access to their estate.
Earlier this year, I placed a candidate new to the family office world. The FO team failed to provide proper security onboarding and the Principal was shocked when the employee brought their partner onsite to help move boxes.
In each case, I have had to educate the team on security best practices in hiring, firing, and maintaining data security.
Here are a few key steps:
✅ External party interviews - an outside objective opinion can help you uncover red flags; this could be a fractional HR consultant, Security Vendor, or Multi-Family Office.
✅ NDAs - everyone needs to sign an NDA before speaking with the Principal, even if you think your profile is low. This sets the standard and shows you are mindful of security protection.
✅ Background checks - utilize an outsourced security vendor to complete a thorough background check; don't trust that someone else in the process is completing it unless you've seen proof.
✅ Security onboarding from an outside party or trained team member - create standards for training new hires on how to handle security breaches, data privacy, and rules regarding access to properties. Even if you outline this in the handbook, make a separate space to discuss.
✅ Device management - if your employee is on-site, sending emails/texts with vendors, ensure you have control over that device.
With more small private equity and family offices opening worldwide, demand for FO talent is outpacing expertise. It's crucial to plan for the worst and be satisfied when you don't have to address situations.
If you need help establishing a security framework, I highly recommend contacting vendors like Crisis24 or 360 Privacy