{"id":7697,"date":"2023-02-13T15:51:08","date_gmt":"2023-02-13T20:51:08","guid":{"rendered":"https:\/\/joindeleteme.com\/blog\/?p=7697"},"modified":"2024-10-10T17:47:39","modified_gmt":"2024-10-10T21:47:39","slug":"executive-privacy-and-executive-security-guide","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/executive-privacy-and-executive-security-guide\/","title":{"rendered":"The Ultimate Guide to Executive Privacy and Executive Security Online"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block uk-card-default uk-padding\" style=\"font-size:16px\" id=\"rank-math-toc\"><h4>Table of Contents<\/h4><nav><ul><li><a href=\"#executives-personal-data-is-exposed-online\">Executives\u2019 Personal Data Is Exposed Online<\/a><\/li><li><a href=\"#how-data-brokers-threaten-executive-privacy-and-executive-security\">How Data Brokers Threaten Executive Privacy and Executive Security<\/a><\/li><li><a href=\"#who-needs-executive-security-protection\">Who Needs Executive Security Protection?<\/a><\/li><li><a href=\"#how-organizations-can-protect-executive-security-and-privacy\">How Organizations Can Protect Executive Security and Privacy<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Personal information protection is essential for executive privacy and executive security.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This is because when their personal information is put online by data brokers, executives are exposed to a particularly dangerous variety of threats.&nbsp;<\/p>\n\n\n\n<p>Bad actors use personal information to target executives with threats ranging from harassment and identity theft to social engineering and credential compromise.<\/p>\n\n\n\n<p>The unfortunate truth is that most of the time, executive personal information is dangerously easy to find.&nbsp;<\/p>\n\n\n\n<p>According to our research, executives have a much higher exposure rate (between 15% and 25%) on online public data sources than average 
employees.&nbsp;<\/p>\n\n\n\n<p>To help buck this trend and keep your own or your executives\u2019 personal information secure, this guide will show you:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How bad actors can access executives\u2019 personal information on the open web.<\/li>\n\n\n\n<li>The risks to executives that personal information creates.<\/li>\n\n\n\n<li>Key steps organizations can take to improve executive privacy and executive security.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 id=\"executives-personal-data-is-exposed-online\"><\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"executives-personal-data-is-exposed-online\"> Executives\u2019 Personal Data Is Exposed Online<\/h2>\n\n\n\n<p>Data brokers are one of the largest sources of executive personal information exposure.<\/p>\n\n\n\n<p>Data brokers are private businesses that collect personal information about executives from various online and offline sources, collate this data into a single profile, and then sell it to third parties.&nbsp;<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/blog\/what-are-data-brokers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Data brokers: your comprehensive guide<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Stopping data brokers from collecting, sharing, and selling an executive\u2019s personal information is very hard to do, if not impossible.&nbsp;<\/p>\n\n\n\n<p>This is because anytime a person interacts with a third party online (opens up an online account, shares a social media post, visits an e-commerce site, etc.) or offline (buys a car, gets a divorce, uses a loyalty card at the grocery store, etc.), a digital record is created.&nbsp;<\/p>\n\n\n\n<p>Depending on who holds this information, a data broker can either (a) buy this data (for example, from phone companies, retailers, etc.) 
or (b) scrape it from freely available sources (for example, from social media platforms, forums, business listings, real estate records, state professional and recreational license records, marriage certificate records, etc.).&nbsp;<\/p>\n\n\n\n<p>Data brokers continue searching these sources to collect hundreds of data points for every person on their list.&nbsp;<\/p>\n\n\n\n<p>These personal information data points are then compiled into a digital dossier and sold to advertisers, marketers, and anyone else who wants to buy collections of people\u2019s personal information. Data brokers rarely vet their customers.&nbsp;<\/p>\n\n\n\n<p>This method puts executive security and privacy at particularly high risk.&nbsp;<\/p>\n\n\n\n<p>Because executives tend to have public-facing roles and wider networks and are generally more valuable to marketers, far more of their personal information is findable on data broker sources than that of average employees.&nbsp;<\/p>\n\n\n\n<p>The data available about executives on these sources also tends to be more detailed, i.e., not just directory-style data points but information on their families, hobbies, properties, and more.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"543\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data-1024x543.png\" alt=\"\" class=\"wp-image-7793\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data-1024x543.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data-300x159.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data-768x407.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data-1536x814.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Executive-PII-2023-Data.png 1895w\" sizes=\"(max-width: 1024px) 
100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: <a href=\"https:\/\/joindeleteme.com\/business\/blog\/personal-data-privacy-impact-on-business\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/joindeleteme.com\/blog\/personal-data-privacy-impact-on-business\/\" rel=\"noreferrer noopener\">DeleteMe&#8217;s 2023 PII Exposure Risk Report<\/a><\/figcaption><\/figure><\/div>\n\n\n<p>This is the case for executives that work at companies of all sizes, from SMBs to large enterprises.&nbsp;<\/p>\n\n\n\n<p>Mitigation is a problem too. Even when a company an executive works for has an executive security program in place, we typically still find their personal information on data broker websites.<\/p>\n\n\n\n<p>Common information available about executives on data brokers includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Full name<\/li>\n\n\n\n<li>Current address and address history&nbsp;<\/li>\n\n\n\n<li>Phone numbers<\/li>\n\n\n\n<li>Personal and professional email addresses.<\/li>\n\n\n\n<li>Date of birth&nbsp;<\/li>\n\n\n\n<li>Financial information, including estimated income and net worth<\/li>\n\n\n\n<li>Family member data&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>For bad actors, this means they can find everything they may want to know about an executive in a single place and with a simple Google search.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"968\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile-1024x968.png\" alt=\"\" class=\"wp-image-7699\" style=\"width:512px;height:484px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile-1024x968.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile-300x284.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile-768x726.png 768w, 
https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile-1536x1452.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/databrokerbuyprofile.png 1610w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Using a data broker is far easier than scraping an executive\u2019s social media or looking for information in public records and cross-referencing this data to make sure it\u2019s correct.&nbsp;<\/p>\n\n\n\n<h2 id=\"how-data-brokers-threaten-executive-privacy-and-executive-security\"><\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-data-brokers-threaten-executive-privacy-and-executive-security\">How Data Brokers Threaten Executive Privacy and Executive Security<\/h2>\n\n\n\n<p>The proliferation of executive personal data on data broker sources has a direct effect on executive security and privacy.<\/p>\n\n\n\n<p>Data brokers put business leaders at increased risk of personal, financial, information security, and reputational attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"personal-threats\">Personal threats&nbsp;<\/h3>\n\n\n\n<p>Personal information exposure impacts executive security and puts them at risk of a range of threats, including harassment, doxxing, and (somewhat more rarely) swatting.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"harassment\">Harassment<\/h4>\n\n\n\n<p>Taking a stand on social\/political issues, severing ties with clients or vendors, or making unpopular layoff decisions can all put executives at an increased risk of harassment.&nbsp;<\/p>\n\n\n\n<p>For example, <a href=\"https:\/\/ontic.co\/2021-state-of-protective-intelligence-report\/\" target=\"_blank\" rel=\"noopener\">about a third of executives<\/a> say they\u2019ve seen an increase in physical threats and company backlash due to political unrest and racial justice activism.&nbsp;<\/p>\n\n\n\n<p>Harassment that starts online or 
over the phone can quickly escalate, putting executive security in danger.&nbsp;<\/p>\n\n\n\n<p>In 2019, a man named Rakesh \u201cRocky\u201d Sharma left <a href=\"https:\/\/www.techspot.com\/news\/84121-court-grants-apple-temporary-restraining-order-against-man.html\" target=\"_blank\" rel=\"noopener\">intimidating voicemail messages<\/a> for Apple executives, indicating that he knew where they lived and threatening to resort to gun violence. A year later, a man not only <a href=\"https:\/\/nypost.com\/2020\/02\/21\/apple-gets-restraining-order-against-alleged-tim-cook-stalker\/\" target=\"_blank\" rel=\"noopener\">left Apple executives disturbing voicemails<\/a> and tagged Apple CEO Tim Cook with inappropriate photos on Twitter but also trespassed onto Cook\u2019s property \u2014 twice.&nbsp;<\/p>\n\n\n\n<p>Virtually every people search site and data broker sells executive email addresses, phone numbers, and home addresses. Some of them offer this information for free. Worryingly, it can even appear as the first result on search engines like Google.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"391\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/brokerprofile-1024x391.png\" alt=\"\" class=\"wp-image-7701\" style=\"width:512px;height:196px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/brokerprofile-1024x391.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/brokerprofile-300x114.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/brokerprofile-768x293.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/brokerprofile.png 1416w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Once they find an executive\u2019s home address on a data broker site, bad actors can look for pictures and floorplans on real estate sites like Zillow and 
information on daily routines on social media platforms.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"doxxing\">Doxxing<\/h4>\n\n\n\n<p>Doxxing, or doxing, is the act of finding and publicizing an executive\u2019s personal information, like their home address, phone number, and even details about their family, online.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"230\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/twitterdox-1024x230.png\" alt=\"\" class=\"wp-image-7702\" style=\"width:512px;height:115px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/twitterdox-1024x230.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/twitterdox-300x68.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/twitterdox-768x173.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/twitterdox.png 1164w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>The aim is usually to embarrass an executive, draw criticism to them, or cause them physical and\/or emotional harm.&nbsp;<\/p>\n\n\n\n<p>In 2015, hackers leaked the address and phone number of the former chief executive officer of Turing Pharmaceutical AG, Martin Shkreli, on 4chan, an anonymous online discussion board. 
<a href=\"https:\/\/money.cnn.com\/2015\/09\/24\/technology\/martin-shkreli-contact\/index.html\" target=\"_blank\" rel=\"noopener\">According to CNN<\/a>, \u201csubsequent comments suggested ordering pizza to [Shkreli\u2019s] Manhattan apartment and sending prostitutes who demand pills as payment.\u201d&nbsp;<\/p>\n\n\n\n<p>Shkreli was doxxed because he raised the price of Daraprim, a drug used by cancer and AIDS patients, overnight.&nbsp;<\/p>\n\n\n\n<p>But executive security can be threatened in this way even if they don\u2019t do anything controversial.&nbsp;<\/p>\n\n\n\n<p>In 2020, finance marketing executive <a href=\"https:\/\/nymag.com\/intelligencer\/2020\/06\/what-its-like-to-get-doxed-for-taking-a-bike-ride.html\" target=\"_blank\" rel=\"noopener\">Peter Weinberg was misidentified<\/a> by internet sleuths who accused him of assaulting a child. His home address was posted online, and his social media blew up with messages like \u201cwe\u2019re coming for you\u201d and \u201cyou deserve to pay.\u201d<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"swatting\">Swatting<\/h4>\n\n\n\n<p>Swatting is when someone threatens executive security by tricking law enforcement into sending armed officers (and often SWAT teams, hence the name) to an executive\u2019s home.&nbsp;<\/p>\n\n\n\n<p>In 2020, pranksters swatted a number of tech executives, including senior Facebook executive Adam Mosseri.&nbsp;<\/p>\n\n\n\n<p>\u201cOfficers arrived in force and barricaded the streets outside. Twice,\u201d <a href=\"https:\/\/www.nytimes.com\/2020\/01\/23\/technology\/fake-swat-calls-swatting.html\" target=\"_blank\" rel=\"noopener\">wrote The New York Times<\/a>. \u201cBut after tense, hours-long standoffs, they realized the calls were hoaxes. 
There were no hostages, and no one in the homes had called the police.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"financial-fraud\">Financial Fraud<\/h3>\n\n\n\n<p>High-profile, high-income individuals typically have more accounts and credit, which puts them at a higher risk of financially-motivated identity theft.&nbsp;<\/p>\n\n\n\n<p>As long as an identity thief knows enough personal information about an executive, they can trick the person they\u2019re talking to into thinking that they\u2019re who they say they are.&nbsp;<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/businessblog\/privacy-vs-identity-protection\/\" target=\"_blank\" rel=\"noreferrer noopener\">Privacy vs. identity protection: what\u2019s the difference?<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Microsoft co-founder <a href=\"https:\/\/www.computerworld.com\/article\/2502247\/microsoft-co-founder-paul-allen-victim-of-id-theft.html\" target=\"_blank\" rel=\"noopener\">Paul Allen\u2019s identity was stolen<\/a> after an identity thief called his bank and, pretending to be Allen, changed his address and phone number. 
He later called the bank again, this time convincing the employee to send him a new debit card in Allen\u2019s name.<\/p>\n\n\n\n<p>These kinds of incidents happen all the time.&nbsp;<\/p>\n\n\n\n<p>A few years ago, a man was able to open bank accounts in other people\u2019s names and collect nearly $200,000 in fraudulent loans from six different US banks after buying a swathe of personal information <a href=\"https:\/\/qz.com\/1690801\/background-check-sites-like-truthfinder-are-great-for-identity-thieves\" target=\"_blank\" rel=\"noopener\">from a data broker<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"information-security-risks\">Information security risks<\/h3>\n\n\n\n<p>Cybercriminals often target executives in cyber-attacks because they tend to have admin privileges and, as a result, access to sensitive documents, databases, and other valuable materials.<\/p>\n\n\n\n<p>Most business leaders understand the importance of cybersecurity. Yet <a href=\"https:\/\/www.forbes.com\/sites\/louiscolumbus\/2020\/05\/29\/cybersecuritys-greatest-insider-threat-is-in-the-c-suite\/?sh=6e0d893f7626\" target=\"_blank\" rel=\"noopener\">many executives<\/a> circumvent security safeguards if it makes their life easier.&nbsp;<\/p>\n\n\n\n<p>Two main executive security threats are social engineering and account takeover. Although less talked about, corporate espionage via social media sites like LinkedIn is becoming more common.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"social-engineering\">Social engineering<\/h4>\n\n\n\n<p><a href=\"https:\/\/www.ivanti.com\/lp\/security\/assets\/s1\/2023-cybersecurity-status-report\" target=\"_blank\" rel=\"noopener\">Over a third of surveyed executives<\/a> admit to clicking on a social engineering link. 
This is four times the rate of a general employee.<\/p>\n\n\n\n<p>Two types of social engineering attacks affect executives specifically:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Spear phishing<\/strong> involves sending personalized emails or text messages to executives to trick them into revealing confidential information or installing malware on their devices.&nbsp;<\/li>\n\n\n\n<li><strong>Whaling <\/strong>(also known as CEO fraud) is when cybercriminals send deceptive email messages pretending to be senior executives at an organization to other executives or third parties like clients.<\/li>\n<\/ul>\n\n\n\n<p>In both cases, attackers use data brokers and other online sources to both (a) find targets and (b) make their messages seem more authentic.&nbsp;<\/p>\n\n\n\n<p>It is not enough to know the names and email addresses of executives. Cybercriminals also need to find \u201cthe missing detail\u201d that will lull executives into a false sense of security and into doing what the email\/text message asks them to do. This requires cross-referencing lists through sources like social media, corporate websites, and data brokers.&nbsp;<\/p>\n\n\n\n<p>Back in the day, this used to be an arduous process. 
Today, it\u2019s easier than ever, thanks to open-source reconnaissance tools.<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/3-insights-help-companies-protect-themselves-against-hackers\/\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/joindeleteme.com\/blog\/3-insights-help-companies-protect-themselves-against-hackers\/\" rel=\"noreferrer noopener\">3 personal information insights to help companies protect themselves against hackers<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Because many online data sources include information on family members, cybercriminals can also target an executive\u2019s partner, child, or parent, gain access to the executive\u2019s home network, and look for other assets to leapfrog to.&nbsp;<\/p>\n\n\n\n<p>These attacks are made more dangerous because <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/corporate-data-on-personal-devices\/\" target=\"_blank\" rel=\"noopener\">many employees access data<\/a> that belongs to their employers on personal devices. Additionally, a large number of board members and executives <a href=\"https:\/\/www.boardeffect.com\/blog\/what-risks-using-personal-email-board-business\/\" target=\"_blank\" rel=\"noopener\">use personal email addresses<\/a> for business purposes. 
Threat actors, including the Chinese hacking group APT31, are known to send phishing emails <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-chinese-hackers-target-gmail-users-affiliated-with-us-govt\/\" target=\"_blank\" rel=\"noopener\">to Gmail users<\/a>.<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/cybercriminals-osint-social-engineering\/\" target=\"_blank\" rel=\"noreferrer noopener\">How cybercriminals use open-source intelligence for social engineering&nbsp;<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Successful social engineering campaigns can have devastating consequences for both organizations and executives themselves.&nbsp;<\/p>\n\n\n\n<p>In 2018, the CFO and Managing Director of Pathe, a European cinema chain, were <a href=\"https:\/\/variety.com\/2018\/film\/news\/pathe-loses-more-than-21-million-internet-scam-1203027025\/\" target=\"_blank\" rel=\"noopener\">fired from their jobs<\/a> after failing to spot a whaling attack that cost their company more than $20 million. 
The <a href=\"https:\/\/www.reuters.com\/article\/us-facc-ceo\/austrias-facc-hit-by-cyber-fraud-fires-ceo-idUSKCN0YG0ZF\" target=\"_blank\" rel=\"noopener\">same thing happened<\/a> to the CEO of the Austrian aerospace parts maker FACC.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"account-takeover\">Account takeover<\/h4>\n\n\n\n<p>C-level executives like CFOs and CEOs are <a href=\"https:\/\/securitybrief.com.au\/story\/spear-phishing-attacks-on-the-rise-with-risk-to-small-businesses\" target=\"_blank\" rel=\"noopener\">twice as likely<\/a> to be affected by account takeover attacks compared to the general workforce.&nbsp;<\/p>\n\n\n\n<p>Account takeover (or account compromise) happens when cybercriminals gain access to an executive\u2019s online accounts, usually through credential stuffing.&nbsp;<\/p>\n\n\n\n<p>Additional security measures like executive security questions and multi-factor authentication rarely stop determined attackers from taking over an executive\u2019s account, as these can also be bypassed.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"credential-stuffing\">Credential stuffing&nbsp;<\/h5>\n\n\n\n<p>Most people tend to think of credential stuffing as a \u201cdumb\u201d attack where hackers use breached data sets to infiltrate target networks. In reality, cybercriminals also make use of personal information available on the internet to take over accounts.&nbsp;<\/p>\n\n\n\n<p>Many people use easy-to-remember passwords derived from personal data, and executives are no exception. <a href=\"https:\/\/www.ivanti.com\/lp\/security\/assets\/s1\/2023-cybersecurity-status-report\" target=\"_blank\" rel=\"noopener\">About one in four executives<\/a> use birthdays as part of their password.&nbsp;<\/p>\n\n\n\n<p>These kinds of weak passwords are a problem because if a threat actor can find out enough about an executive, they can conduct targeted password-guessing attacks, and impact executive security. 
<\/p>\n\n\n\n<p class=\"has-text-align-center\"><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/breaches-weak-passwords-data-brokers\/\" target=\"_blank\" rel=\"noreferrer noopener\">The link between weak passwords, data breaches, and data brokers<\/a><\/em><\/strong><\/p>\n\n\n\n<p>In the past, leveraging executive personal information for account takeover attacks was a relatively complicated and time-intensive process. There was just too much personal information to go through, and at least some of it was erroneous or outdated.&nbsp;<\/p>\n\n\n\n<p>The widespread availability of open-source tools and AI has meant that cybercriminals can employ this tactic at scale.&nbsp;<\/p>\n\n\n\n<p>Meanwhile, sophisticated bots allow hackers to hide their activity from security controls designed to detect brute force attempts.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"security-question-guessing\">Security question guessing<\/h5>\n\n\n\n<p>In addition to requiring a password, some login portals also ask for executive security questions. 
Others let executives reset a forgotten password by answering questions like \u201cwhat city did you grow up in?\u201d or \u201cwhere did you go to high school?\u201d&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"756\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/securityqs-1024x756.png\" alt=\"\" class=\"wp-image-7703\" style=\"width:512px;height:378px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/securityqs-1024x756.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/securityqs-300x221.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/securityqs-768x567.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/securityqs.png 1184w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Knowledge of personal information can help cybercriminals circumvent executive security questions.&nbsp;<\/p>\n\n\n\n<p>Despite their name, answers to most executive security questions are far from secret. For example, most people\u2019s mothers\u2019 maiden names (a common executive security question) can be <a href=\"https:\/\/www.academia.edu\/2785306\/Messin_with_texas_deriving_mother_s_maiden_names_using_public_records\" target=\"_blank\" rel=\"noopener\">found via marriage and birth records<\/a>. This information also appears on data brokers, which makes it easy to compromise executive security.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"mfa-bypass-attacks\">MFA bypass attacks<\/h5>\n\n\n\n<p>Multi-factor authentication doesn&#8217;t guarantee executive security. 
Criminals can bypass between 90% and 95% of MFA solutions using a phishing text, email, or phone call.&nbsp;<\/p>\n\n\n\n<p>As security researcher <a href=\"https:\/\/www.infoq.com\/news\/2022\/09\/Uber-breach-mfa-fatigue\/\" target=\"_blank\" rel=\"noopener\">Kevin Beaumont said<\/a>, &#8220;call the employee 100 times at 1AM while he is trying to sleep and he will more than likely accept it.&#8221; This is known as MFA fatigue, and is a tactic that was used to breach Uber.&nbsp;<\/p>\n\n\n\n<p>SIM swap attacks, where an attacker takes over an executive\u2019s phone number by impersonating them to their phone company, are also a popular way to compromise executive security.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"corporate-espionage\">Corporate espionage<\/h4>\n\n\n\n<p>Easy access to executives\u2019 personal information makes it easy for competitors and adversaries to conduct corporate espionage.&nbsp;<\/p>\n\n\n\n<p>A good example of how this might happen was shared by the risk management expert Lisa Forte in <a href=\"https:\/\/darknetdiaries.com\/transcript\/122\/\" target=\"_blank\" rel=\"noopener\">a Darknet Diaries podcast episode<\/a>.&nbsp;<\/p>\n\n\n\n<p>She recounted how a scientist working at a particular company wrote a fairly benign LinkedIn post that was commented on by a woman with a very similar background to him.&nbsp;<\/p>\n\n\n\n<p>They began communicating, and before he knew it, he had:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Shared his organization\u2019s intellectual property with her (she had promised him a better job but apparently needed to see proof of the projects he had worked on).<\/li>\n\n\n\n<li>Clicked on a malware-laden link (she said her HR department would send him documents he needed to read).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>An investigation into the incident could not determine who the threat actor that duped the scientist was. 
It could have been a nation-state hacker, competitor, or someone else with an agenda.&nbsp;<\/p>\n\n\n\n<p>However, one thing is clear: the threat actor went to great lengths to make their LinkedIn profile look similar to their target\u2019s.&nbsp;<\/p>\n\n\n\n<p>To do this, the threat actor could have gleaned some information from the target\u2019s LinkedIn profile, but they could have also found additional information they needed from data brokers, who not only scrape social media but also get data from other sources, like public records and credit card companies.&nbsp;<\/p>\n\n\n\n<p>Corporate espionage on social media platforms like LinkedIn is becoming a more serious problem. Intelligence and security services across the world are <a href=\"https:\/\/www.scmagazine.com\/news\/breach\/foreign-threat-actors-used-fake-linkedin-profiles-to-lure-10000-uk-nationals\" target=\"_blank\" rel=\"noopener\">warning organizations<\/a> to be on the lookout for fake LinkedIn profiles that are likely connected to nation-state threat actors.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reputational-attacks\">Reputational attacks<\/h3>\n\n\n\n<p>If a bad actor can successfully impersonate an executive, they can negatively impact that executive\u2019s reputation. 
This can also damage the reputation of the company the executive works for.&nbsp;<\/p>\n\n\n\n<p>For example, an attacker that impersonates an executive in a fraudulent email that goes out to a client or business partner could ruin the executive\u2019s (and the company\u2019s) relationship with the recipient.&nbsp;<\/p>\n\n\n\n<p>The same can happen if a bad actor creates a fake social media profile in an executive\u2019s name using personal information found on online sources.&nbsp;<\/p>\n\n\n\n<p>In a social media impersonation attack, a bad actor can use an executive\u2019s name to defraud unsuspecting individuals, post negative commentary directed at a group of people or organization, or share fake updates about the company they work for.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"771\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/elonmusktwitter-1024x771.png\" alt=\"\" class=\"wp-image-7705\" style=\"width:512px;height:386px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/elonmusktwitter-1024x771.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/elonmusktwitter-300x226.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/elonmusktwitter-768x579.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/02\/elonmusktwitter.png 1184w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Bad actors tend to like social media impersonation attacks because social media gives them a wider audience.&nbsp;<\/p>\n\n\n\n<p>In one real-world example, an executive was impersonated on Instagram. 
By the time he found out about it from a friend who texted to ask him if he had reached out to him on the social media platform, the <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/LinkedIn-scams-fake-Instagram-accounts-hit-businesses-execs\" target=\"_blank\" rel=\"noopener\">account had 2,300 followers<\/a>.&nbsp;<\/p>\n\n\n\n<h2 id=\"who-needs-executive-security-protection\"><\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"who-needs-executive-security-protection\">Who Needs Executive Security Protection?<\/h2>\n\n\n\n<p>It\u2019s not just business leaders who need executive security protection and digital privacy services. Their families can be at risk too.&nbsp;<\/p>\n\n\n\n<p>Because data brokers make connections between individuals, an executive\u2019s data broker profile can often contain information on their spouse, kids, parents, and other family members.&nbsp;<\/p>\n\n\n\n<p>This can increase both personal and organizational risk:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Personal risk. <\/strong>In the wake of controversial events, there is a higher risk of doxxing for public-facing figures and their family members. For example, at least two LAPD officers saw information on where their kids go to school <a href=\"https:\/\/www.independent.co.uk\/news\/world\/americas\/los-angeles-shooting-some-lapd-officers-are-victims-of-doxxing-after-shooting-of-homeless-man-10085520.html\" target=\"_blank\" rel=\"noopener\">posted on the internet<\/a>.&nbsp;<\/li>\n\n\n\n<li><strong>Organizational risk. 
<\/strong>In several cases, advanced threat actors sent phishing texts to <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/08\/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers\/\" target=\"_blank\" rel=\"noopener\">employees\u2019 family members<\/a> in an attempt to gain unauthorized access to companies\u2019 internal systems.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Board members and other high-risk individuals (including highly visible employees) and VIPs, like those with high levels of access to sensitive corporate data, are also often targeted in personal and corporate attacks and can benefit from executive security services.<\/p>\n\n\n\n<h2 id=\"how-organizations-can-protect-executive-security-and-privacy\"><\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-organizations-can-protect-executive-security-and-privacy\">How Organizations Can Protect Executive Security and Privacy<\/h2>\n\n\n\n<p>Depending on the size of the company, assessed risk, and security needs, executive security services can cost anywhere between $50,000 (small organization) and $1 million (large Fortune 500 firm) per person.&nbsp;<\/p>\n\n\n\n<p>This cost often includes executive security tools and services like email monitoring, social engineering training, security guards, key person insurance, and executive protection agents.<\/p>\n\n\n\n<p>While crucial, these kinds of corporate executive security systems are reactive, i.e., they help executives and their teams spot and stop attacks in progress.<\/p>\n\n\n\n<p>To make attacks that compromise executive security and privacy less likely to happen in the first place, another layer of defense is needed: <strong>proactive personal data removal<\/strong>.&nbsp;<\/p>\n\n\n\n<p>Personal data removal reduces the amount of personal information that appears about corporate executives on the internet. 
It involves opting out of popular data broker sources to ensure that when a bad actor googles an executive\u2019s name, they can\u2019t view their entire life\u2019s story.&nbsp;<\/p>\n\n\n\n<p>To work, opt-outs need to be continuous. Data brokers relist people\u2019s profiles as soon as they scrape\/buy new data.&nbsp;<\/p>\n\n\n\n<p>Executives rarely have the time to keep on top of regular, manual opt-outs themselves. That\u2019s why data broker removal services like DeleteMe exist: to give executives peace of mind that easily exploitable personal information is off the internet and will stay off it.&nbsp;<\/p>\n\n\n\n<p>In addition to opting out of data brokers, executives and their executive security teams should take other steps to reduce their digital footprints:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid sharing details of personal life on social media, especially on professional accounts. Keep personal accounts private.&nbsp;<\/li>\n\n\n\n<li>Do not include sensitive personal information in executive biographies on company websites or elsewhere.&nbsp;<\/li>\n\n\n\n<li>Provide continuous training programs to executives on the importance of online privacy.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The less personal information exists about executives on the internet, the harder they are to attack. To <a href=\"https:\/\/f3magazine.unicri.it\/?p=333\" target=\"_blank\" rel=\"noopener\">quote one anonymous hacker<\/a>, \u201cWhenever the target can\u2019t be hacked well\u2026 ya know, there\u2019s plenty of other targets out there :)\u201d&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Personal information protection is essential for executive privacy and executive security.  
<\/p>\n","protected":false},"author":16,"featured_media":7708,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-7697","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/16"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7697\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/7708"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=7697"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=7697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}