How to Protect Your Digital Footprint: A Cybersecurity Framework for High-Net-Worth Individuals

Written By: Ryan Morrison.

Based on a Navigating Wealth conversation with Jason Passwaters

The question comes up regularly in the Long Angle community: once your name gets attached to a liquidity event, a PE exit, or a news mention connecting you to significant wealth, how much of your online life do you need to lock down? The honest answer from someone who spent 12 years in Marine Corps counterintelligence and another 15 tracking cyber criminals for the FBI and later founding Intel 471 is: less than you fear, but more than you are doing. Jason Passwaters does not advocate for disappearing from the internet. He advocates for footprint management, and the distinction matters considerably.

Protecting your digital footprint means managing what personal information you expose online so attackers move to softer targets. For high-net-worth individuals, the goal is not eliminating your online presence but practicing good hygiene: a password manager with unique credentials for every account, friction built into financial account transfers, and awareness that your family's digital presence extends your own exposure surface. Most financially motivated cybercrime is opportunistic. Removing the easy wins eliminates most personal risk.

Table of Contents

• How Cyber Criminals Choose Their Targets

• The Footprint Management Framework: What to Do

• Online Privacy Tips for Executives and High-Profile Individuals

• Understanding the Cyber Threat Landscape

• What Tracking Cyber Criminals Looks Like From the Inside

• Frequently Asked Questions

Most financially motivated cyber criminals are not sitting in a room with a spreadsheet of HNW targets, working through the list one by one. They are operating at a scale that makes individual targeting impractical most of the time. The initial attack surface is broad and largely opportunistic: hoovering up compromised credentials, scanning for exposed accounts, identifying organizations with known vulnerabilities. The question of whether you are personally targeted follows a different logic.

You become a named target when your wealth becomes knowable. A PE exit announcement with your name attached. A business sale covered in a trade publication. A LinkedIn profile that clearly signals a nine-figure liquidity event. A family office registration that is a matter of public record. Once that information exists and becomes searchable, you have moved from anonymous opportunity to identified target. The magnitude of the potential payout shapes how much effort an attacker is willing to invest in reaching you specifically.

43% of family offices experienced a cyber attack in the prior two years, according to Deloitte's 2024 Family Office Cybersecurity Report. That figure reflects the shift Jason describes: wealth managers and family offices are no longer operating below the radar. The infrastructure, the staff, and the assets under management have made them targets that warrant dedicated effort.

The nature of the threat has also evolved. Extortion has become a more prominent objective than pure account theft. The Brian Thompson situation at UnitedHealthcare is the extreme end of a spectrum, but it illustrates the point: a high-profile executive carries risk that extends beyond having money in accessible accounts. Brand damage, personal reputation attacks, protest coordination, and physical threat escalation are all outcomes that cyber criminals and their customers are willing to pursue against high-profile targets. Jason works with companies on exactly this: managing the digital footprint of executives whose names create risk not just for themselves but for the organizations they lead.

The underground marketplace where this activity originates is not the shadowy place most people imagine. Jason describes it as operating exactly like a legitimate business. There are product specializations: initial access brokers who compromise organizations and then sell that access to anyone willing to pay. There are service providers offering infrastructure, malware as a service, stolen credit card data, technical support. There is marketing, brand management, customer support for complaints. State-level actors are buyers in this marketplace too: they co-opt cyber criminals, purchase access that provides plausible deniability, and moonlight alongside it. Cybercrime damages are projected to reach $10.5 trillion annually, which would make it the third-largest economy in the world. That figure reflects a real business ecosystem, not a collection of individuals.

Watch the Full Conversation

This article draws on a Navigating Wealth conversation with Jason Passwaters, where we discuss how cyber criminals choose targets, what the underground marketplace looks like from the inside, what HNW individuals should do about their digital footprint, and what AI is doing to the threat landscape. Watch the full episode for the broader discussion.

Subscribe on YouTube · Get weekly episode updates

Jason Passwaters is co-founder and CEO of Intel 471, a threat intelligence company. He spent 12 years in the US Marine Corps, specializing in counterintelligence and human intelligence, before joining a small FBI contractor in 2008 doing network forensics and supporting cyber crime investigations. He co-founded Intel 471 in 2014, building through a first exit with Thoma Bravo. Intel 471 tracks threat actors across the criminal underground, providing exposure monitoring, threat intelligence, and hunt capabilities to enterprise clients. In this conversation, he explains what the criminal underground looks like from the inside and what individuals with meaningful wealth should do about their digital exposure.

Jason's central argument is that protecting your digital footprint is not about achieving invisibility online. It is about removing easy wins from the attacker's toolkit so that targeting you requires more effort than targeting the next person. Financially motivated attackers operate at scale. They move to softer targets when the work involved exceeds the expected return. The goal is to be the harder target in the pool, not the only one.

The foundational step is a password manager with a unique, complex password for every account. This sounds obvious, and Jason acknowledges that he asks people about it and watches them look down guiltily when they admit they use the same password everywhere. It remains the single most common and most avoidable mistake. Attackers routinely compromise a credential from one breached service and then test that same credential against banking, brokerage, email, and social media accounts. Credential theft accounts for 78% of incidents in financial sector attacks. A password manager eliminates the exposure from all of those secondary pivot points at once.

Multi-factor authentication on every financial and email account is the second step and is closely related. Email is the master key to everything else. If an attacker controls your email, they can trigger password resets on every other account. Protecting email with a second factor, ideally an authenticator app rather than SMS (which can be SIM-swapped), closes the most dangerous single point of failure.

Tad's question about locking down brokerage accounts deserves a specific answer. Yes, creating friction in the money movement process is worth doing. If your brokerage or wealth management platform allows you to restrict outbound transfers to require additional verification steps, enabling those features makes the account materially harder to drain even if credentials are compromised. Understanding how to evaluate whether your wealth manager is taking the right steps to protect your accounts is worth adding to that conversation explicitly.

Family awareness is the final element of the framework and the one most often overlooked. Your digital footprint is not just your own. A spouse's social media post that tags your home address, a child's account that reveals your family routine, a family member's weak password on a shared streaming service that is reused elsewhere. Each of these extends your exposure surface. The household approach to digital security is only as strong as its least attentive member.

Jason's central argument is that protecting your digital footprint is not about achieving invisibility online. It is about removing easy wins from the attacker's toolkit so that targeting you requires more effort than targeting the next person. Financially motivated attackers operate at scale. They move to softer targets when the work involved exceeds the expected return. The goal is to be the harder target in the pool, not the only one.

The foundational step is a password manager with a unique, complex password for every account. This sounds obvious, and Jason acknowledges that he asks people about it and watches them look down guiltily when they admit they use the same password everywhere. It remains the single most common and most avoidable mistake. Attackers routinely compromise a credential from one breached service and then test that same credential against banking, brokerage, email, and social media accounts. Credential theft accounts for 78% of incidents in financial sector attacks. A password manager eliminates the exposure from all of those secondary pivot points at once.

Multi-factor authentication on every financial and email account is the second step and is closely related. Email is the master key to everything else. If an attacker controls your email, they can trigger password resets on every other account. Protecting email with a second factor, ideally an authenticator app rather than SMS (which can be SIM-swapped), closes the most dangerous single point of failure.

Tad's question about locking down brokerage accounts deserves a specific answer. Yes, creating friction in the money movement process is worth doing. If your brokerage or wealth management platform allows you to restrict outbound transfers to require additional verification steps, enabling those features makes the account materially harder to drain even if credentials are compromised. Understanding how to evaluate whether your wealth manager is taking the right steps to protect your accounts is worth adding to that conversation explicitly.

Family awareness is the final element of the framework and the one most often overlooked. Your digital footprint is not just your own. A spouse's social media post that tags your home address, a child's account that reveals your family routine, a family member's weak password on a shared streaming service that is reused elsewhere. Each of these extends your exposure surface. The household approach to digital security is only as strong as its least attentive member.

Executives face a structurally different threat profile from individuals with comparable wealth who maintain a lower public profile. A Fortune 500 CEO cannot hide their role. A founder whose exit generated news coverage cannot unring that bell. The question shifts from "how do I stay invisible" to "how do I manage what my visibility enables."

The UnitedHealthcare situation that Jason references is the most extreme recent example of how executive visibility creates physical risk, not just financial exposure. But the more common threat vector is extortion rather than theft: attackers who use exposed personal information to threaten brand damage, regulatory scrutiny, or reputational harm as leverage. CEOs in 2026 have shifted their top cybersecurity concern from ransomware to cyber-enabled fraud, according to the WEF Global Cybersecurity Outlook 2026. That shift reflects real experience with how the threat has evolved.

The practical steps for executives follow the same footprint management logic but with additional dimensions. Separating personal and professional accounts (distinct email addresses, distinct devices where practical, distinct social media presence for personal versus professional identity) reduces the attack surface available from any single breach. Reviewing what a corporate biography reveals about personal routines, home locations, or family details is worth doing periodically. The information that seems innocuous in a corporate bio can become targeting intelligence when combined with other publicly available data.

Family members compound the executive's exposure in specific ways. Jason notes that if a child's social account reveals that a parent is traveling, or if a family member casually mentions a home address in a public post, those details enter the data pool that attackers and their customers use to build targeting profiles. Why executives with a public PE-backed profile face heightened risk goes deeper on this dynamic from an operational standpoint.

AI has added a new dimension to the executive threat profile that Jason identifies as what keeps him up at night: not a single large attack but many simultaneous ones made possible by AI lowering the barrier to entry. Deepfake audio and video impersonation of executives for wire fraud attempts is already documented. Hyper-personalized phishing built from scraped social media and public biographical data is now achievable at scale by attackers with modest technical resources. The defense remains the same (footprint management, hygiene, friction) but the sophistication of the inbound threat has increased materially. How the 2026 cyber threat landscape compares to prior years in terms of HNW targeting is something Long Angle's Professional Services Study touches on as well.

The reason most individuals find cybersecurity confusing is that it conflates two distinct problems: protecting your internal environment from intrusion, and understanding what external threats are looking at you. Jason frames these as genuinely different disciplines, served by different vendors and requiring different responses.

The internal side (what CrowdStrike, Palo Alto Networks, and similar companies do) is about hardening the perimeter. Endpoint protection, network monitoring, identity management, and incident response. For individuals, the analogous layer is device security, network security at home, and account-level protection. This is the space most security advice addresses because it is the most accessible to describe.

The external side is what Jason's company Intel 471 works on. The question is not just "can they get in" but "when the bad guys look at you, what opportunities do they see?" That question is proactive rather than reactive. It does not require waiting for an incident to discover that your credentials have been circulating in underground forums for six months, or that an initial access broker sold entry to your network to three separate buyers last quarter.

The underground marketplace where this activity happens is organized around specialization. Initial access brokers compromise organizations and sell access. Malware developers sell tools. Infrastructure providers host the backend. Ransomware groups buy access, deploy their tools, and negotiate payment. Nation state actors monitor the marketplace for juicy targets available at a fraction of what an independent operation would cost. Jason describes it as a capitalistic ecosystem that, if you removed the morality, would be fairly impressive in terms of the operational sophistication and scalability some of these groups have achieved.

AI has accelerated every part of this. Cybercrime-as-a-service platforms are lowering the barrier of entry for less technically sophisticated actors. Personalization at scale — crafting a phishing email that references your specific recent LinkedIn post, your company's recent press release, your known business relationships — is now achievable with commodity tools. What Jason says keeps him up at night is not a single Colonial Pipeline event but the prospect of many simultaneous ones, driven by the operational scale that AI is handing to attackers. For Long Angle members making decisions about which professional services to prioritize and what they cost, cybersecurity is increasingly part of that calculus.

Attribution in cyber crime works the way military counterintelligence works: you collect enough data points across enough time that a picture emerges that cannot be coincidental. Jason's background in Marine Corps human intelligence and his early FBI network forensics work gave him a specific skill set for this. The Donetsk operation is the clearest example he shares of how that skill set operates at full deployment.

Approximately 100 to 150 of the top cyber criminals in Russia and Eastern Europe decided to use a single chat server for their communications. Jason specialized in the underlying protocol of that application. Every 90 days, he received a full cache of data from that server and had to process it programmatically to extract signal. What he found was not just criminal activity. He found human beings: someone who had just had a baby and was terrified of extradition, conversation about US sentences of 30 to 40 years for people in his position, political relationships that made prosecution impractical.

One actor in that network was closely connected to a sitting president's son, who was the godfather to his daughter. The actor operated with impunity. When the war started, he moved to Kyiv and took an apartment two blocks from Intel 471's Ukrainian office. The team knew who he was, who did what, what his relationships were. Prosecution remained structurally blocked.

The most striking moment in the story is the FBI report. Jason was working as a contractor supporting agents on the case, doing direct analytical support with a level of involvement that put his work product directly into FBI reporting. He received a refresh of data and started reading the actors' communications. One of them was telling the primary target that the FBI were onto them, then quoted a specific report. The report was the one Jason had written 60 to 90 days earlier. Someone inside the law enforcement relationship with Ukraine had read it and sold the information.

The practical implication for HNW individuals is not that you will be caught in an operation like this. It is that the people operating in the underground marketplace have real identities, professional reputations, business relationships, and operational security practices refined over years. They are not amateur actors. The ones who succeed are good at what they do, operate with impunity in favorable jurisdictions, and have enough legitimate-looking infrastructure that attribution is genuinely hard. Footprint management does not defeat a motivated sophisticated attacker. It defeats the opportunistic one, which accounts for the large majority of what HNW individuals face.

The cybersecurity problem for HNW individuals is not primarily a technical problem. It is a hygiene and footprint problem, and the solutions are more accessible than most people expect. A password manager, multi-factor authentication, friction on financial accounts, family awareness, and periodic review of what your public digital presence reveals. These steps do not require a security operations team or a significant technology budget. They require doing the boring things consistently.

Jason's deeper point is about the nature of the threat. The underground marketplace is a real, organized, scalable ecosystem populated by people who are good at what they do. AI is making it more capable and more accessible to less skilled actors. But the large majority of what HNW individuals face is opportunistic rather than targeted, and opportunistic attackers move to softer targets. The investor who maintains good digital hygiene and manages their public footprint with the same intentionality they apply to their portfolio is structurally more protected than one who relies on complexity or assumes the threat is not real until it arrives.

The time to review that footprint is before it becomes relevant.

Resources Mentioned

• Long Angle High-Net-Worth Asset Allocation Report

• Intel 471 — intel471.com

Watch or Listen

Watch on YouTube · Listen on Spotify · Apple Podcasts · Amazon Music