Implementing Digital Executive Protection Programs

Digital executive protection is how security-minded companies protect high-profile employees by making it harder for criminals to find their personal information online. 

• According to DeleteMe’s research, executives have 30% more personal information exposed online compared to the average employee or consumer. 

Executives’ online presence can significantly influence their vulnerability to risks ranging from social engineering to harassment. 

• DeleteMe delivers digital executive protection by keeping valuable personal information away from criminals.

Even seemingly innocent executive personal information can be used against them and their companies by criminals. That’s why digital executive protection hinges on being able to keep personal information private.

What Should Be Included In a Digital Executive Protection Program? 

Digital executive protection is how security and HR teams protect executives, their online assets, and personal data from online and offline threats. 

In practice, digital executive protection can mean using various different tools and tactics, including:

• Risk assessment and profiling. Identifying weaknesses in the executive’s digital footprint, including social media, email accounts, and other online presence. 
• Cyber hygiene and training. Offering education on cybersecurity best practices, such as strong password creation, recognizing phishing attempts, and secure communication methods. Regular security awareness training helps keep the executive team updated on emerging digital threats and best practices.
• Secure communication. Ensuring encrypted communication channels for sensitive discussions and transactions. 
• Device security. Installing and maintaining security software on all executive devices, including antivirus programs, firewalls, and VPNs. 
• Secure networks. Setting up secure Wi-Fi networks and using VPNs to protect data transmitted over the internet. 
• Continuous monitoring. Using tools to monitor the executive’s digital footprint in real-time for any signs of compromise or emerging threats. 
• Incident response. Having a plan in place to quickly respond to and mitigate any security incidents impacting the executive and the organization they work for, including notifying relevant parties, containing the breach, and initiating recovery procedures. 
• Data minimization. Reducing the amount of personal information available online about executives by removing unnecessary data from sources like corporate websites and social media and ensuring privacy settings are properly configured.
• Reputation management. Monitoring and managing online mentions of executives and potentially harmful content to protect their reputation. 
• Access control. Ensuring that physical access to executive devices and networks is restricted and monitored.

However, in our experience providing digital executive protection for over a decade, the single most effective step organizations can take to protect their executives is to reduce their digital information footprint. 

An executive’s digital information footprint is all the information about them that is findable online. Information like an executive’s personal phone number, email address, home address, social media accounts, family details, hobbies, and more all make up their digital footprint.

An executives digital footprint increases their risk of being successfully targeted by threats.

What Threats Do Digital Executive Protection Programs Help Prevent?

Attackers target executives through their digital footprint through:   

• Phishing: Using an executive’s email address or phone number. 
• Spear phishing: Turning various personal details about an executive, such as their job title, recent projects, and professional relationships, into highly targeted messages (“spear phishing”) that seem legit.
• Harassment and doxxing: Targeting someone either through their contact details (e.g., their home phone number) or using personal information, like family member names or their employment history, to intimidate or embarrass them.
• Swatting: Swatting involves sending emergency services to an address under false pretenses (which can have serious safety implications). If a criminal knows an executive’s home address, they can potentially swat them.
• Credential stuffing: Figuring out passwords using an executive’s personal details like their date of birth, family member information, etc. 

Tracing an executive’s digital footprint online also gives attackers a way to socially engineer executives. Information such as business affiliations and social interactions can all be used to manipulate or deceive the executive, their colleagues, and family members. 

Digital executive protection depends on reducing their digital footprint by cutting back the personal information available online. 

How Data Brokers Drive Executive Risk

Corporate websites, social media profiles, public records, press releases… These are all open-source intelligence (OSINT) sources that attackers can use to find executive personal data. 

Data brokers are companies that find and collect this information to create profiles about executives using public records, online activity, and commercial data. 

The executive profiles available on data brokers include names, addresses, phone numbers, birth dates, family connections, property ownership, income estimates, social media handles, and more​. 

A whole sub-industry of data brokers, “B2B data brokers”, exists specifically to list executive profiles, including details like education and employment history, professional connections, org charts, and more. 

The danger of leaving executives’ data unchecked on data brokers is the ease with which attackers can obtain their personal and professional data. 

Anyone, including cybercriminals, activists, and stalkers, can purchase an executive’s personal information on a data broker or use people search sites to find their home address, private phone numbers, email accounts, and names of relatives. 

An attacker looking to dox or scam an executive will often start by pulling their target information from data broker websites. 

Digital executive protection means opting executives out of these data brokers. It removes a readily accessible source of personal data that attackers would otherwise exploit​. 

Digital Footprint Reduction for Executive Protection

Tell data brokers to stop listing and selling your executive’s personal information, and you will make it harder for attackers to find and target them, too.

Since we began removing executive information from data brokers in 2010, we’ve refined a tested method of executive personal information removal designed to tackle the core exposure risks first.

The first place to start is with a subcategory of data brokers called “people search sites.”

People search sites are some of the most dangerous sources of executive personal information exposure. They tend to expose executives’ personal information, including contact details and family member details, to anyone with an internet connection. 

Every people search site (just like other data brokers) has its own opt-out process, but they usually follow a similar pattern. To opt out, the person who wants their information removed typically needs to:

1. Find their listing: Search the data broker’s site for your name (and location) to see if it has a profile on you. If the broker in question doesn’t have a public search feature, try searching for your name on a search engine like Google, along with the broker’s name. 
2. Find the opt-out page: Most data brokers have a privacy opt-out page. Look for a “Do Not Sell My Personal Information” or “Privacy” link in the footer of their homepage. Alternatively, you can search for “[Broker Name] opt-out.”
3. Submit an opt-out request: Follow the opt-out instructions on the broker’s opt-out page to request the deletion of your personal data. You might need to confirm your request via email. Some data brokers may also request additional verification, like text verification or a scan of your ID.

Anyone who wants to take their information down from data brokers needs to repeat the above process for all people search sites and data brokers that have a profile on them.  

It’s important to note that even after successful opt-outs, executives’ data may be republished by these sites when they update their databases. Executive data is valuable for data brokers; they can collate and sell it for a premium to a host of customers, including advertising agencies, lead generation firms, sales companies, and more.

That’s why ongoing monitoring is key. Executives must check back periodically to ensure their name hasn’t been re-added. If their profile has returned, they need to submit a new opt-out request.

Digital Executive Protection with Automated Data Broker Opt-Outs

Personal data removal services like DeleteMe automate the manual work of opting out. 

DeleteMe continually checks data broker sites and submits opt-out requests on executives’ behalf, ensuring that their personal information is not easily accessible to just anyone.