One Overlooked Element of Executive Safety: Data Privacy

Companies go to great lengths to protect their top executives. Keeping them safe, healthy and happy so they can perform their duties without unnecessary distractions is critical for the productivity of the company. At one time, executive protection meant providing bodyguards and secure transit and fortifying executive offices against external threats. As more executives work from home, efforts have extended to bolstering home defense systems.

Still, there’s a missing element. In today’s digital world, it’s also necessary to protect executives online. That should include protecting their personal data.

Executives have access to some of the company’s most sensitive information, and they are increasingly being targeted by hackers looking to steal company secrets or perpetrate cybercrimes.

Personal data provides fuel for these crimes. Digital data warehouses store all kinds of details about all of us. At one time, it was just addresses, phone numbers, aliases and relatives. Now, it’s far more detailed information such as political affiliation, names of neighbors, resting heart rate and even Amazon wish lists.

All this data is collected legally by companies. Every time you interact with a computer – via smart device, with a bar code at checkout or on a website – data about you is being collected. In the U.S., there is essentially no limit to the amount of data companies can collect, and there are few limits on how they can use it.

Most data can be sold to anyone who will pay for it – including bad actors – who can use it to personalize their workplace phishing attacks and business email compromise schemes to make them more effective. Executives are particularly at risk for “whaling” attacks, in which a criminal impersonates an executive via email or another means of communication and asks the target for money and/or sensitive information.

A successful whaling attack can be quite lucrative because executives have credibility and power. In one such attack, a Mattel finance executive sent $3 million to a fraudster impersonating the company’s CEO. With the possibility of such large payouts, criminals will go to considerable effort to use personal details, which makes their requests compelling and believable.

Executives also face risks from social media, where they are more visible and accessible than ever before. This can be great for brand-building and engagement. Unfortunately, it also puts executives at risk of harassment, or worse, from a variety of bad actors, both online and offline. This can come from dedicated customers or fans who are unsatisfied with a product or service. For example, in 2022, Strauss Zelnick, CEO of Nasdaq-listed video game developer Take Two Interactive, was forced to lock his Twitter account after being bombarded by a wave of harassment from customers dissatisfied with the latest Grand Theft Auto game.

It can also come as a result of taking – or not taking – a stand on social issues. Gone are the days when staying neutral was the preferred corporate strategy. According to research from Accenture, customers are increasingly aligning their spending with their values. They demand to know where companies stand on issues that matter to them. Executives are expected to “walk the walk” and stand for the company’s values. But one false move can place them in the crosshairs of cancel culture and harassers can quickly descend.

This kind of harassment, although still very upsetting for the individuals involved, can at least be somewhat anticipated, and crisis communications strategies can be at the ready. But threats to executives can also arise unexpectedly when a company is caught in the cross currents of the news cycle.

For example, after the contentious 2020 U.S. election, C-suites ranging from the head of strategy and security at Dominion Voting Systems to the CEO of social media app Parler were forced to go into hiding with their families after receiving death threats when their personal information as well as that of their family members was leaked by hackers.

These scenarios don’t even include the possibility of threatening behavior from a disgruntled or terminated employee. In a turbulent economic environment similar to the one we are navigating now, this issue may come into the foreground as executives grapple with layoffs and cost-cutting measures.

That said, cybercrime doesn’t just happen to executives at big companies or celebrity CEOs. Anyone who is involved in decision-making that can impact other people’s lives, contradict their political views or offend their values can become a target.

The effects are devastating. Researchers are just beginning to understand the impact of online harassment, but it appears to be very similar to other types of trauma. Victims might have difficulty concentrating and making decisions. They might experience increased levels of anxiety and even paranoia. They might begin to fear opening messages or looking at their devices. Many individuals have even had to change jobs or alter their daily routines because of cyberstalking and harassment.

Clearly, none of this is optimal to executive productivity. Not only does it affect their own well-being – it can also deplete morale of the company as a whole and ultimately affect a company’s bottom line.

Steps to Mitigate Risk

The good news is that there are steps companies can take to protect their executives, their families and their organizations. It starts with educating them about threats and the fact that they are possible targets. Like the general public, executives can avoid oversharing personal information on social media.

They can protect their web browsing by using browser extensions to . They can maintain strong passwords, use a separate email address for sensitive activities and be on high alert for any suspicious-sounding communications.

They can also remove their data from the more than 190 people-search sites that exist. Data from the company OneRep shows that the average person has data records on 46 of these sites.

People-search sites are legally required to remove your information upon request, but they aren’t legally required to make it easy for you to submit that request. Few people, least of all executives, have the time to approach 46 sites and request that their data be removed. Even if they could, it’s a Sisyphean task. OneRep data shows that much of this information resurfaces within four months – when they get their next data dump from their data broker.

Fortunately, there are technology companies that can comb all the people search sites, locate your records and automate the removal process. They also provide continued monitoring and removal of your data should it reappear.

The proliferation and widespread availability of personal data is dangerous for public-facing executives, their families and their companies. Companies understandably prioritize protecting the physical safety of top executives, but in today’s polarized, always-on world, keeping executives safe online is also imperative. It’s a small investment that pays dividends in peace of mind.