In recent years, the Internet and social media have devolved into a virtual minefield for corporate executives. The pandemic and sociopolitical unrest of 2020 further accelerated the trend, leading to more nastiness and threats than ever. Against this changing backdrop, the field of executive protection has been expanding and redefining itself in real-time. Today, executive protection has advanced far beyond securing locations and bodies in the physical realm to also safeguarding online identities and reputations in the digital realm.
CEOs and companies are expected to take a stand on pressing social issues, yet the moment they do, they put a target on their back. There will always be someone who disagrees, and likely, there will be someone who takes that disagreement a step too far. In this politically charged and polarized environment, attackers are increasingly weaponizing the use of personal information that they freely obtain online to phish, dupe, dox, impersonate, and physically threaten executives.
As the CEO of a digital privacy company, I speak with many frazzled executives after they’ve been threatened at their homes. A friend of mine who leads a large consumer internet platform received a 5 AM wakeup call on his personal cell phone one morning from a displeased end-user. This user proceeded to make thinly veiled threats to my friend’s wife and children, even referring to them by name as an intimidation tactic. (It turned out the information came from people-search websites and it was removable through opt-outs.)
I am also reminded of more extreme, high-profile cases ranging from the YouTube shooter who retaliated after being upset about new policies that restricted ad revenue to the Stage 4 cancer patient, displeased with his doctors’ care, who tracked down their homes online and showed up with handguns. Just last month, giving new meaning to the phrase “getting out of Dodge,” Mayor Joyce Warshaw of Dodge City, Kansas resigned from her post due to increasing fear from the endless stream of email and voicemail threats following the city commission’s mask mandate vote. Most recently, amidst the tension of the stimulus bill, the homes of political leaders Mitch McConnell and Nancy Pelosi were vandalized after their addresses were tracked down online.
It’s no secret that leaders and executives are the most common and valuable targets for physical threats and cyberattacks. They carry the highest public profile, the most authority, and the broadest access to sensitive information. According to Verizon’s 2020 Data Breach Investigation Report, senior executives are 12 times more likely to be victims of social engineering incidents.
Much of the raw material that powers these attacks originates from hundreds of people-search sites and data brokers. These sites are technically under no legal obligation to disclose or erase any data they are storing about you. Consequently, anyone with an internet connection can dig up home addresses, email addresses, phone numbers, spouses’ identities and children’s names. It’s only slightly more difficult to find presumably sensitive, “password reset” information such as your mother’s maiden name, your father’s middle name, the street where you grew up, or the high school you attended. This is just the low-hanging fruit – more sensitive data, such as account numbers and passwords, is available on the Dark Web – but in my experience, the biggest part of the problem actually might be lurking in plain sight on the clear web.
Despite all of the bipartisan talk about federal privacy legislation on Capitol Hill over the last few years, we have seen little to no action that might help turn the tide. Everyone agrees there’s a problem and reforms are needed, but lawmakers can’t seem to agree on the right solutions. As a result, data brokers continue to enjoy free rein to buy and sell our personal data, without even telling us they have it.
Making matters more complicated, most executives currently aren’t spending their working hours behind the protected confines of an office environment with secured entrances, guards, video monitoring, and corporate firewalls. Instead, they are operating and communicating from their relatively poorly secured homes, traversing uncontrolled home networks, as they make tough business decisions that can move markets, affect livelihoods, and create unknown enemies.
A recent Wall Street Journal feature explored the surge in physical threats and vulnerabilities of remote work, leading to increased demand for protection. At ReputationDefender, revenue from our executive privacy services expanded by 55% last year, with new sales growing by 79% – and our results are not unique. In the Journal piece, Global Guardian, a corporate security firm, also reported significantly increased demand from companies seeking physical-security assessments and threat-management consultations, which include social media monitoring. In addition, a new survey from the Ontic Center for Protective Intelligence revealed that 71% of security, legal, compliance and physical security executives have seen a dramatic increase in physical threats against their companies in 2020 compared to 2019.
To truly protect an executive or client, security leaders must think holistically across physical and cybersecurity dimensions. The security professional of the 2020s must not only connect the dots between digital privacy and personal protection, they must also help high-profile executives understand all the benefits of being more proactive against online threats. This includes relatively new methods like “self-scouting” each executive’s information and search results on the web, educating them on how it can be exploited to nefarious ends, and working to remove personal data proactively.
Gone are the days when monitoring company-issued devices and static office locations might have been enough. Today, more than ever, keeping a company and an executive safe means protecting the whole individual – in the office, at home and in their digital sphere – including securing their personal information, devices, and entire online footprint. It’s a bold charter that only the most forward-looking and digitally savvy executive protection teams will endeavor to tackle.