This section is by PBY Capital

Social media is a growing security risk. Here’s how to play it safer

An online presence can be a great way to network and build a personal brand. But does it expose you and your family office to fraud—or worse?

For many of us, social media now plays a primary role in how we stay in touch with people in our life and shape our public personas. For high-net-worth individuals with business and philanthropic interests, maintaining an active and authentic presence on social media platforms can be vital for building personal brand awareness and for networking.

Story continues below

But with an elevated public profile come elevated risks. Social media can reveal personal information that makes it easier to track locations or mimic identities—dangers that can extend beyond individuals to their families and to managers of family offices. 

“We create vulnerabilities with our social media activities that can manifest themselves in cyber or physical security threats,” says Andrew Kirsch, founder and principal at Toronto-based security consultancy Kirsch Group and a former intelligence officer with the Canadian Security Intelligence Service (CSIS). “Social media presence is a foundational component of any risk assessment, whether for physical or cyber security.”

The threats aren’t hypothetical, nor are they limited to reputational damage or even financial fraud. The physical risks of a high public profile are real. Kirsch has worked with executives targeted by activist groups opposed to company operations, and in downtown Toronto recently, the president and CEO of public cryptocurrency company WonderFi was kidnapped during evening rush hour and later released unharmed for a ransom of $1 million in Bitcoin. In mid-November, after several NBA and NFL players’ homes were robbed, both leagues warned their players about organized criminal groups targeting professional athletes by using social media and other means to track when their homes would be unoccupied.

We talk about ‘planting a flag’ so that you own your online presence. Don’t leave a void.

Andrew Kirsch

It’s enough to make some people retreat from having an online presence at all. “There is that group of people who say, ‘I’m not very active, I stay off of social media and limit my activity online,’” says Kirsch. “Some want to disappear altogether—‘I don’t want to have anything available about me online.’”

Kirsch cautions against that approach, however, because it relinquishes control. “You’re not monitoring how your name or image is used or if people are setting up fake profiles of you,” he says. “We talk about ‘planting the flag’ so that you own your online presence. Don’t leave a void.” Even a limited Facebook or Instagram account can help ensure the top hits on Internet search engines feature your preferred narrative.

Story continues below

Locking down social media vulnerabilities

Crafting a public profile online has its rewards, but it comes with risks. Cyber security training and policies for family offices must include social media rules for administrators and family members alike.

The good news is that establishing a safer social media presence comes down to adopting a few best practices:

1. Restrict social app access: Many smartphone apps will request access to contacts, image libraries, location and even your microphone or keyboard. Only permit what is strictly necessary. “All these things are default options that we just allow,” says Kirsch. “But a malicious actor, be it the app itself or someone who hacks the app, could gain much broader access to us than we would be comfortable with.”

Photo of Andrew Kirsch
“The best advice for operating online is vigilance,” says Andrew Kirsch

2. Keep your network private: Limit who can see your contacts, so that bad actors are less likely to find out who is in your orbit. That helps prevent social engineering attacks like “spear-phishing”—fraudulent emails that appear to come from a trusted person, but could lead to a cyber security breach or financial fraud. For the same reason, Kirsch recommends only connecting with people you know directly, even on a professionally focused platform like LinkedIn. “Some people just accept all requests to connect, but you’re validating someone who could use your association to make someone else susceptible to fraud,” he says.

3. Post photos with caution: First, turn off geotagging of your photographs so followers can’t easily identify locations you frequent. Even then, take an extra moment to carefully review any photo for visual information that could share more about you than you intend, including items in the background. Finally, wait to post photos of your vacation or even trips to the cottage until you’ve returned home, so followers don’t know when you’re away.

4. Avoid TikTok: Kirsch warns that all social media platforms collect information about you and what is shared with advertisers, and some are more transparent than others. “But there is no transparency with TikTok,” he says, and with its corporate ties to China, the app presents a security vulnerability. “I get concerned about how much is being collected and analyzed to build a profile about you and target you. We don’t know what’s going on there.” (In early November, following a security review, the Canadian government banned TikTok from operating in Canada, but Canadians are not banned from using the app.)

Story continues below

Stay vigilant

Of course, many cyber security practices extend to social media account management, such as using only unique, strong passwords with multi-factor authentication, and taking extra steps to verify information or requests before taking action. 

“The best advice for operating online is vigilance,” says Kirsch. “If someone mentions, ‘Hey, I got a weird message from you,’ take that stuff seriously. It’s just being careful about decisions you make and what information you provide access to.”

Crafting a public profile online has its rewards, but it comes with risks. Cyber security training and policies for family offices must include social media rules for administrators and family members alike.

The Canadian Family Offices newsletter comes out on Sundays and Wednesdays. If you are interested in stories about Canadian enterprising families, family offices and the professionals who work with them, but like your content aggregated, you can sign up for our free newsletter here.

Please visit here to see information about our standards of journalistic excellence.