If nothing else, the breach of Jeff Bezos’ iPhone reminds us that, just like the rest of us, corporate executives are increasingly connected to family, colleagues, and work through mobile devices and social platforms. And just like everyone else, their digital interactions and online behaviors leave cyber breadcrumbs across the internet.
Hackers can easily search for these digital clues, leaving executives susceptible to having their net worth, intellectual property, and personal reputation exploited. For example, a hacker may be able to “crack” the credentials of the executives’ trusted colleagues, then begin impersonating them to lure the victim into sharing sensitive corporate or personal information. Or, if an executive posts her workout metrics on a fitness app, cyber crooks can use the information to uncover her home address, which they can pass along to known burglars.
What’s the end game for hackers? There could be any number of motives behind a cyber crook’s endeavors to manipulate or sabotage an executive—financial gain, political aims, even revenge are all examples.
As the frequency—and cleverness—of digital invaders continues to increase, companies and executives require Fort Knox-like vigilance in the digital realm.
“The issue with state-sponsored attacks on private citizens, even powerful ones, is they’re often overmatched when it comes to cybersecurity,” says Lou Manousos, CEO at RiskIQ, the cybersecurity firm where I’ve been working as a consultant. “Nation-states have nearly limitless resources to perform reconnaissance, gather offensive intelligence, and build and acquire the most advanced hacking tools on Earth.”
Historically, executive-protection services were focused on well-trained individuals recognizing and eliminating physical threats against executives and their loved ones. But in today’s connected world, companies have come to understand that the threats are often digital and that executives’ online personal security practices are intertwined with their professional security practices, leaving organizations open to new potential vulnerabilities.
The public evaluates organizations by the executives they employ and by the actions they take in and out of the office. Over the last decade, the number of data breaches has grown significantly, many of which have caused reputational harm to individuals and organizations.
Executives expect both protection and respect for their privacy. Leading companies should:
- Avoid a one-size-fits-all protection plan, recognizing that executives have different risk profiles;
- Work with executive protection investigators to establish possible risk scenarios that could arise;
- Deploy technology designed to detect the exposure of executives’ personal information, not only on the internet but the deep and dark webs as well;
- Reach an agreement with the organization and the executive about what types of alerts are reported to the company and which threats are reported directly to the executive.
Keeping pace with the ever-changing threats of digital hackers requires extensive monitoring of executives’ online activity. Responsible companies are the ones finding and mitigating vulnerabilities before the criminals find their way to them.
Robin Gould-Soil is the former head of conduct and chief privacy officer for HSBC Canada. She also has held executive roles at TD Bank Group, the Office of the Privacy Commissioner of Canada (OPC), and the University Health Network. She currently consults for RiskIQ.