Founders and their partners need to include privacy protections early in their IPO planning and pre-IPO preparations. Companies contemplating an IPO and the typical tidal wave of affluence that this creates for its founders know to begin planning early. Typically overlooked are the privacy implications for founders and their partners. Conducting a pre-IPO online exposure review and a holistic and comprehensive review of security risks is essential to mitigate risks to founders and their new wealth. Newly minted wealth will be hypermobile and hyperconnected and may seek to virtualize some family office services as a starting point. It’s important, therefore, to be ahead of these tendencies and the risks they bring. Partnering with a trusted partner to help founders and partners navigate these issues is critical, as there is no silver bullet solution – and founders should expect to monitor and maintain their privacy after an IPO or other exit.
- Online risk – As we have blogged before, it is crucial for founders and partners to acknowledge the shortened attack cycle of adversaries and reduce the amount of information available online can be accessed. Bad actors troll the internet, mining all the information that you and your family have shared with marketing companies, technology companies, and social media. They use that information to easily create a focused picture of your vulnerabilities, predictable patterns, and behaviors of you and your family members.
Solution: Conduct a full #onlineexposurereview and think long-term with monitoring and maintenance to keep your profile low. These efforts should include a comprehensive scrub of all identities, reduction of your presence within the data aggregators, reduction of your family’s online presence, monitoring the #darkweb for exposures, and a subscription partnership to help keep all these items in check.
- Cyber issues – For those founders who have done little to prepare and protect their information technology (IT), sensitive information, and online presence, an international crisis could prove a turning point as indirect (and possibly direct) cyber-attacks are a strong possibility. Historically, Russia has executed cyber-attacks, and the U.S. government and its allies are regularly thwarting attacks from China and Iran. All of these entities use surrogate criminal or other non-state actors to execute their cyber strategy. Founders and partners looking forward to an IPO must have a #cyberprotectionstrategy for their assets and corporate operations, or they may find themselves losing value, weathering an unwanted disruption in IT and finance operations, and unprepared for a breach or crisis.
Solution: Conduct a cyber assessment and technology review of business operations, financial services, and key locations (principal homes and corporate facilities). A third-party review of the current cyber risk state and an assessment of what it will take to move them to the desired end state of greater security should be conducted at once. Only then will principals and their families truly understand and be able to manage their cyber risk.
- Unprotected virtualized services – As founders seek services to take care of their family post-IPO, some are considering moving to a more convenient model of outsourced “virtual” services for certain aspects of the family office (e.g., financial, philanthropic, travel, insurance, etc.). While the advantages appear obvious, the downside may be significant. No one will protect your assets as well as you would. Outsourced services are not as incentivized for security spending as it increases costs, making them less attractive vendors. If the multi-family office’s IT and cyber security is not up to par with industry standards, founders can find themselves operating with unseen vulnerabilities and at far greater risk than they would have had if they had managed it themselves. Do your #duediligence on partners and virtual services. The cost of recovering from a breach from a third party will greatly eclipse the cost of being proactive and avoiding the problem from the beginning.
Solution: Thoroughly vet all virtualized services, focusing specifically on the security built into their apparatus. Ask informed questions about the protection of data while at rest, during transactions, and once archived. Who has access, and where is it stored? What insurance, guarantees, or other protections are built into their software to protect your information? How will they handle a breach or other cyber incident? And, if uncomfortable with the subject matter – bring in a trusted third party to help understand what is protected and what is not.
- Lack of situational awareness of threats and risk – Founders need to partner with a company that can provide them a degree of situational awareness pertaining to all their assets, especially pre-IPO and during due diligence of key partners. Many affluent families grow to own or control a group of companies that helped them build and continue to maintain their wealth, oftentimes starting with their IPO. Adversaries are always gathering information, monitoring for opportunities, and pouncing on any who present themselves as an easy, wealthy target. Founders should expend a similar resource effort on #bespoke analytical services to be fully aware of their family’s threats and vulnerabilities. They need #socialmediamonitoring, cyber threat intelligence, a regular review of privacy settings, physical risk assessment, and an understanding of geopolitical issues relative to their assets. Founders should employ an #bespokeanalysis capability to monitor all of those assets for pre and post-IPO risks.
Solution: Increase the #threatmonitoring of all the family assets. For founders, outsourced support from a third-party company is a more effective method to provide a 30,000-foot-level overview of risk for all the assets of the family. This keeps costs down at the company level, gives owners the needed visibility into the real risks, and enables risk management.
In the 18-24 months before the anticipated IPO, founders should get ahead of potential problems by paying attention to these four key pre-IPO privacy risks and applying recommended solutions so your family will be less vulnerable and can live their best life post-IPO.