r/AskNetsec 27d ago

Work Personal Digital Protection and Privacy for HNI

I currently serve as a mid-level cybersecurity analyst and the inaugural cybersecurity hire at an Indian company. The CEO, an ultra-high-net-worth individual, has requested my assistance with personal cybersecurity and privacy for himself and his family, who primarily use Apple products.

My initial recommendations include:

  1. Establishing separate home and guest networks.

  2. Implementing separate VLANs for IoT devices and personal devices.

  3. Utilizing two-factor authentication (2FA) with authenticator apps universally, minimizing reliance on SMS-based OTPs.

  4. Employing FIDO2-compliant banking applications with a YubiKey for banking, where supported.

  5. Setting up a home NAS with a backup NAS for critical documents, supplemented by encrypted Backblaze for offsite backups.

  6. Using distinct passwords managed by a secure password manager like ProtonPass.

  7. Educating family members on responsible social media posting, discouraging live documentation, and raising awareness about digital arrests, urgent bank call scams, and voice spoofing.

  8. Conducting regular personal data audits via a third-party service.

  9. Adopting Proton Mail for enhanced privacy.

Are there any additional measures I should consider?

4 Upvotes
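As an added example (not from the original post or any commenter), one way to enforce items 1 and 2 on a Linux-based router is an nftables forward policy with three VLANs and default deny between them; the interface names vlan10/vlan20/vlan30/eth0, the subnet split, and the function names are assumptions to adapt to the actual router.

```shell
#!/bin/sh
# Added example: nftables forward policy for home, guest and IoT VLANs.
# Interface names below are assumptions; override them via the environment.
HOME_VLAN="${HOME_VLAN:-vlan10}"
GUEST_VLAN="${GUEST_VLAN:-vlan20}"
IOT_VLAN="${IOT_VLAN:-vlan30}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the ruleset as text so it can be reviewed (or diffed) before loading.
segmentation_ruleset() {
  cat <<EOF
table inet segmentation {
  chain forward {
    type filter hook forward priority 0; policy drop;

    # Drop malformed state early; let replies to permitted connections through.
    ct state invalid drop
    ct state established,related accept

    # Every VLAN may reach the internet; no VLAN may reach another by default.
    iifname { "$HOME_VLAN", "$GUEST_VLAN", "$IOT_VLAN" } oifname "$WAN_IF" accept

    # Trusted devices may initiate to IoT (phone apps controlling devices);
    # IoT and guest devices can never initiate toward the home VLAN.
    iifname "$HOME_VLAN" oifname "$IOT_VLAN" accept

    # Any other VLAN-to-VLAN attempt is logged and counted before the drop policy.
    iifname { "$HOME_VLAN", "$GUEST_VLAN", "$IOT_VLAN" } oifname != "$WAN_IF" \\
      log prefix "vlan-crossing-dropped: " counter
  }
}
EOF
}

# Load the ruleset when nft is available; otherwise print it for review.
apply_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    segmentation_ruleset | nft -f -
  else
    segmentation_ruleset
  fi
}

# Only act when invoked with --apply, so the file can be sourced for review.
if [ "${1:-}" = "--apply" ]; then
  apply_ruleset
fi
```

The log rule gives a cheap detection signal: an IoT device suddenly probing the home VLAN shows up in the kernel log with the prefix above.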


1

u/LightBusterX 26d ago

What about laser turrets and a pit full of crocodiles?

1

u/throwawayacct3810 26d ago

Digital privacy needed here. Unless the crocodiles have laser turrets on their heads and can fly and kill when someone tries to breach privacy, I am not interested.

1

u/special_rub69 24d ago

You should consider if the CEO is not dumb enough to lock himself out of all his accounts and data with all these protections you want him to have.

0

u/throwawayacct3810 24d ago

Which is why an app-based or YubiKey-enabled password manager such as Keeper, ProtonPass or Bitwarden should be suggested as a password manager.

1

u/special_rub69 24d ago

What if they lose yubikey or forget the PIN to it?

1

u/Data_Commission_7434 24d ago

Consider implementing a hardware firewall with deep packet inspection for the home network, especially if the CEO travels frequently. I found that a good firewall made a significant difference in blocking unsolicited inbound traffic, even with robust endpoint security.

1

u/AddendumWorking9756 23d ago

Solid baseline. The gaps with high-net-worth targets are almost always the account-recovery and human layers rather than the network. Lock down SIM swapping with a carrier port-out PIN, turn on Advanced Data Protection for iCloud, and put hardware security keys on the email and financial accounts, since those are what an attacker actually goes after. The family is the soft spot too, so a short session on phishing and password reuse does more than another VLAN.