A referral reflects on the adviser who makes it
When a wealth adviser introduces a client to a cybersecurity or forensics firm, the adviser's own judgment is on the line. A confident firm and a credible one can look identical in a first meeting, so it helps to have a short, consistent way to tell them apart before any introduction. This guide is for that purpose. It is general information, not legal advice, and not a substitute for the client's own retained counsel and due diligence. The risks a competent family-security firm should be able to discuss fluently are laid out in family-office cybersecurity risks.
Credentials: verify what they attest
Certifications are useful only when you know what they mean and can confirm them. GIAC, for instance, is the certifying body behind a well-regarded family of practical security and forensics credentials; the relevant questions are which specific certifications a practitioner holds, what each one actually attests to, and whether it verifies directly with the issuer. Be wary of vague claims of “X certifications” with no specifics — a credible firm will name them and welcome the check.
Court-admissibility: would the work survive a challenge?
Even when litigation is not the goal, the discipline that makes work admissible is the same discipline that makes it reliable. Ask how the firm preserves evidence and maintains chain of custody, whether it follows recognized digital-evidence standards such as those published by the Scientific Working Group on Digital Evidence (SWGDE), and whether it works to laboratory standards like ISO/IEC 17025 where applicable. Remember that, in court, expert opinions are screened for reliability under the Daubert standard — a firm that cannot discuss method and defensibility should give you pause.
Discretion and the engagement terms
- NDAs and confidentiality. Expect a clear confidentiality agreement and a culture of discretion — how they talk about other clients tells you how they will talk about this one.
- References. Ask for references from comparable engagements, ideally through advisers or counsel who can speak candidly.
- Defined scope. A credible firm scopes the work, explains what it will and will not do, and is honest about limits — including, as the FTC and CISA both stress in the privacy context, that some public exposure cannot simply be erased.
The red flags
A few signals justify ending the conversation: guaranteed recovery of lost funds, guaranteed removal of all online content, pressure to pay large sums urgently, reluctance to name credentials or references, and any suggestion of methods that would not withstand scrutiny. Confidence is not competence, and certainty is usually a tell.
A simple standard
The firms worth a referral tend to share the same temperament: specific about credentials, comfortable discussing method and admissibility, discreet by default, and honest about what cannot be done. Holding a prospective firm to that standard protects the client and the adviser alike — and most good firms will respect the diligence rather than resist it.
Sources
- Global Information Assurance Certification (GIAC), About GIAC. https://www.giac.org/about/
- Scientific Working Group on Digital Evidence (SWGDE), SWGDE — Digital Evidence Best Practices and Standards. https://www.swgde.org/
- Cybersecurity and Infrastructure Security Agency (CISA), Personal Security Considerations Action Guide. https://www.cisa.gov/resources-tools/resources/personal-security-considerations-action-guide