Skip to main content

Planning to IPO? 3 Things to Help You Stay Private While Going Public

March 1, 2022

Better brand recognition, a lot more working capital, and a chance to liquidate life-changing equity grants: staff at any business about to go public might be looking forward to these kinds of benefits. However, what most also invariably get on the side is a great deal of attention—not always the good kind.

No pre-IPO company can isolate itself from short-selling naysayers and criminals completely. But removing executive and employee personally identifiable information (PII) from the open web can help organizations mitigate some of the worst personal and organizational threats during this busy and stressful time. 

1. The Personal Privacy Impact of an IPO

From shareholders to executive staff, when a business announces an IPO, anyone with a stake in the company can suddenly find themselves a target for harassment. 

Whether it’s disgruntled former employees, individuals who lost out on the deal, or scammers, wealth and prominence (or the promise of these things) can render those involved in an IPO an attractive target for anyone looking to cause harm or make a quick buck. Case in point: more than 8 in 10 of the top 25 Fortune 500 CEOs have been victims of threats or harassment. 

Besides causing immense stress and in the event that personal harassment campaigns become public, even reputational damage to individuals themselves, these types of incidents can also affect how customers and investors perceive the organization and its public persona. 

2. The Cybersecurity Impact of an IPO

Regardless of how big or small a company is, the organizational, technical, and legal maneuvring that comes with the sudden shift from private to public ownership is a period of great change for any organization—one that cybercriminals are only too keen to exploit. 

According to the FBI, ransomware groups often use time-sensitive financial business events like IPOs and mergers and acquisitions as leverage. 

Specifically when targeting companies involved in these types of events, threat actors will often do the following before an attack:

  • Search their target’s documents and emails for keywords like “NASDAQ.”
  • Research a company’s likely stock valuation.
  • Look for other material nonpublic information, including sensitive assets like intellectual property. 

They will then threaten victims to expose their findings, which could result in potential investor backlash and stock price declines, to pressure them into paying a ransom quickly. 

It’s a great strategy. Research shows that ransomware attacks can affect the price of a victim’s shares by up to 30%. Looking at hacking forums, cybercriminals sometimes even encourage others to use the NASDAQ stock exchange to adjust their extortion process. 

Personal Information Exposure during an IPO

One thing harassment campaigns, doxxing incidents, and breaches tend to have in common is that they more often than not exploit executive and/or employee personally identifiable information. 

That makes sense. After all, if an aggrieved individual can’t find an executive’s phone number, how will they harass/stalk/threaten them? And if a cybercriminal can’t get their hands on an employee’s email address, how will they send them a spear-phishing email? 

Unfortunately, finding this information is remarkably easy. It doesn’t even require a trip to the dark web. 

Because of data brokers—i.e., firms that trade in people’s personal data—anyone can get their hands on an employee’s contact details and other sensitive data via the open web (i.e., with a simple Google search). Today, over 230 data brokers hold information on 99% of all American adults. What’s more, the average data broker lists three personal email addresses per executive, and 40% of data brokers hold IP addresses that can be linked to executives’ home networks. 

Stopping Pre-IPO Threats at Source

Removing executive and employee PII from publicly accessible sources may not dissuade determined individuals from causing harm to an organization that’s about to IPO. But it will certainly make a company a less attractive target. When they’re unable to locate useful PII, malicious individuals are more likely to move on to the next target. 

Although it’s possible to delete PII from data brokers manually, it’s a time-consuming and, at times, complex process. Not only does each data broker have different opt-out procedures (i.e., one might let people opt out online, whereas others may require you to mail in a physical form or even make a phone call), but they also periodically relist people’s information. As such, for it to be effective, removal needs to be continuous. 

DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control their digital identity.

How does DeleteMe privacy protection work?

  1. Employees, Executives, and Board Members complete a quick signup 
  2. DeleteMe scans for exposed personal information
  3. Opt-out and removal requests begin
  4. Initial privacy report shared and ongoing reporting initiated
  5. DeleteMe provides continuous privacy protection and service all year

    Your employees’ personal data is on the web for the taking.

    DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.

    Related Posts

    10 Ways to Reboot Your Privacy at Work

    When personal data is out there on the open web it can lead to privacy and security incidents at…

    Our 2022 Cybersecurity Excellence Award Speech: How We Started, Where We’re Going

    We are excited to announce that DeleteMe was recognized (twice!) with 2022 Cybersecurity Ex…

    The Time is Now to Limit Russian Hacker Access to Publicly Available PII

    Although the launch of ContiLeaks and the information revealed there didn’t slow the Russian Hac…