Playbook library
The incidents a family office actually faces — and the calm first hour for each.
Twelve first-hour playbooks, including the signature family-office scenarios no other vertical has: exposure-footprint and doxxing, estate-network compromise, and NextGen social exposure.
Wire-transfer fraud & deepfake principal impersonation
A capital call, distribution, closing, or “principal's urgent instruction” is spoofed — by email compromise, a lookalike domain, or an Arup-style deepfake of the principal or CFO.
Read the first hour
Playbook 2Business email compromise on the office
The quieter precursor: a compromised office mailbox, malicious forwarding rules harvesting wire threads and K-1s, a spoofed custodian notice, or fake “updated wire instructions” mid-deal.
Read the first hour
Playbook 3Principal & family-member account takeover
A principal's personal email, iCloud/Google account, or social login is taken over — often via SIM-swap or reused credentials — giving the attacker password resets, private photos, and a launchpad into the office.
Read the first hour
Playbook 4Family exposure-footprint & doxxing response
The uniquely family-office scenario: home addresses, travel patterns, aircraft tail numbers, children's schools, and household-staff identities assembled from data brokers, property records, and flight trackers.
Read the first hour
Playbook 5Ransomware & data-theft extortion on the office
The Pathstone pattern: the office's own systems — or its wealth platform — are encrypted or exfiltrated, and the extortion leverage is the family's privacy, not operational downtime.
Read the first hour
Playbook 6Vendor & advisor-chain breach
The breach isn't yours — it's your accountant, lawyer, fund administrator, bill-pay provider, or wealth platform. Their compromise exposes your K-1s, wire instructions, and family data.
Read the first hour
Playbook 7Household-staff & estate-network compromise
The estate is a small enterprise: shared Wi-Fi, smart-home systems, security cameras, and personal devices of household staff — often flat, unmanaged, and bridged straight to family devices.
Read the first hour
Playbook 8Insider misuse & departing-employee risk
A trusted employee, advisor, or departing staff member copies files, keeps access, or misuses standing credentials — the small-team family office has few people but enormous concentrated access.
Read the first hour
Playbook 9Targeted phishing & social engineering
Spear-phishing and pretexting aimed squarely at the office: fake DocuSign, spoofed custodian portals, “IT support” calls, and QR-code lures crafted from public information about the family.
Read the first hour
Playbook 10NextGen social exposure
The next generation lives online: geotagged posts, school and travel details, and oversharing that maps the family's movements, wealth, and relationships for attackers and doxxers.
Read the first hour
Playbook 11Cyber insurance & law-enforcement response
After an incident, the claim and the report are their own minefield: policy sub-limits, notification deadlines, preserving evidence for law enforcement, and knowing which agency to call and when.
Read the first hour
Playbook 12Travel & border device security
The family and staff travel constantly: devices at border crossings, hotel and airport Wi-Fi, lost or seized laptops, and the elevated targeting that comes with visible wealth abroad.
Read the first hour