Doxing Execs

This month’s Wired Magazine has an interesting sidebar about preventing doxing (sometimes, doxxing), which, acccording to authors Laura Hudson and Anita Sarkeesiana,occurs when:

[p]erpetrators publish your address or other info online, exposing you to escalating abuse, even physical violence.

Doxing is related, in a way, to Swatting, during which a caller convinces law enforcement that there is an emergency (such as a hostage situation) at the address of the victim of the hoax – thereby triggering a massive police response.

Both depend on the availability of information about the victim in the online environment.

Two well-known doxing attacks – the Sony hack of late last year and the Ashley Madison attack – make it clear that this is a serious problem.  As The Atlantic puts it, ‘[w]elcome to the age of organizational doxxing.” Other, lesser known attacks, show that the problem is increasing against celebrities and executives.

Unfortunately, this is relevant to readers of this blog – employers and their lawyers — because  employees will increasingly become victims of these kinds of attacks, especially if the employee is high profile or otherwise controversial.

In addition to those set out by Wired, defenses include:

1. Excellent corporate cyber-security, including elevating human resources systems to the highest level of protection.

 

2. Excellent personal cyber-security, including using two-factor authentication on every service – and not using those that do not have it.

 

3. Excellent privacy policies in HR, to ensure that information is shared only according to protocol

 

4. Good address protection. Executives who may be subject to any of these kinds of should sit with their lawyers to work on this problem.

 

5. Use opt-out tools from data brokers. See Ken Gagne’s excellent guidance, here.

 

6. Recognition that the cyber and physical security of executives – and the services provided by those departments – may extend well beyond the walls of the enterprise. Comprehensive assessing, planning and testing by all security professionals is essential.  Note that some security work may end up being a taxable fringe benefit if not done properly.