10 Privacy Tips for Business Owners

Limit What You Share To Protect Your Business

Businessman or politician receiving money while being stolen from pocket on a gray background.
Picture of Shawn Stewart

Shawn Stewart

Mr. Stewart has 27 years of experience with hundreds of international, commercial, military, and government IT projects. He holds certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell, and others. He has a Masters in Cybersecurity, a Bachelors in IT, a Minor in Professional Writing, and is a published author.

privacy-Businessman struggling to the top of a rock, wind blowing his hair, only the sky above himFor business owners, privacy can be difficult. Growing a business requires leaving your desk, meeting new people, and seizing opportunities when they come along. As a business leader, you’ve read all the books. You walked in the shadows of giants who built their brand and their companies from nothing. All it takes is a strong work ethic, determination, and sense of fairness with your customers, employees, and vendors. Your team has the corporate brand and message plastered everywhere on the Internet and social media and you’re finally getting noticed.

Guess who else is noticing you? Yes, hackers and scammers. While you must get the word out about your business, it is imperative you not let slip sensitive information. Yes, no one will know about your business if you don’t tell them, but just like personal yet private data, companies have a tendency to over share, making them vulnerable. To help you, here are 10 tips business owners need to limit their Open Source Intelligence (OSINT).

Social Media Privacy

privacy-Man Watching through window blindsCorporate LinkedIn – What is the top online tool hackers use to gain information on a company? If you said LinkedIn, you are right! LinkedIn is also the favorite tool of most salespeople. Why? Companies, like individuals, love to over share online. I can typically compile an organizational chart of your company by cross-referencing employee titles. With these names, I can build custom and very believable phishing messages. I can also invoke real names when trying to convince someone I’m with IT and need their password. The best policy is to only allow execs and customer-facing employees to maintain LinkedIn profiles.

Executive LinkedIn – Sticking with social media, let’s talk about what you share as an individual online. Sure, the CFO has a life outside of the company but, as you may have missed in our personal privacy post (Link), all I need is a few basic pieces of information and I can find much more, including personal email addresses and cell phone numbers. With your CTO’s cell phone number, I can convince his carrier to clone their SIM card, giving me access to their Multi-factor Authentication. Read about it here (Link). I can also craft phishing messages to personal emails. If I can gain access to an employee’s home network, odds are good I can find a way into your business data. Be sure your employees opt out of sharing personal data, too!

Loose Lips – Employees should NEVER discuss the company on private social media. If you don’t have a policy in place now that all business posts must come from the business, you have open liability. Employees break confidentiality, violate non-disclosure agreements, and lose business deals by talking about sensitive information publicly. In fact, executives should post nothing not approved by the company’s public relations and legal representation. You might be surprised to learn how a simple post can land you and your company in legal hot water (Link).

privacy-Hand of a male pickpocket stretching out stealing a mans wallet from the back pocket of his trousers isolated on whiteOnline Data Privacy

Sanitize Your Website – Spreading the word about your company typically occurs through a webpage. Marketing material is key to driving new business and providing information about company values and offerings. Many companies cross the line when they present pictures, titles, contact info, and personal data about their employees online. Why not give hackers a key to the building? You can’t hide information about executives in a company (as we’ll see below) but you can provide this information directly to customers without broadcasting it to the world.

Sanitize Opinionated Data – Like personal information, databases exist with business information as well. The top three you should review are GlassDoor (Link), the Better Business Bureau (Link), and Dun & Bradstreet (Link). Companies may have the ability to opt out or respond to negative customer and employee comments. To really cover yourself, have your employees follow the steps in our privacy blog (Link) to remove their sensitive personal data. Businesses do not have the same level of privacy expectations, but limiting individual access can only help the company.

privacy-Senior Asian businessman catching a taxi to his next meetingSanitize Public Information – Certain agencies, by law, provide corporate information to the public. Cities, counties, and states list corporate data, particularly about executives, online. If you are a corporation, state and local websites list information about you and your officers. Ensure these agencies limit data posted and show the correct phone numbers, email, and physical addresses. Sales people, scammers, and hackers use this open source data often. Create specific phone numbers and email addresses for public facing contact. Doing so will limit phishing and social engineering attack effectiveness since you’ll know they used Open Source Intelligence.

Privacy On The Move!

Security In Transit – As a business leader, you may travel often. When you do, keep it on the down low. No one other than your closest office staff should know where you are traveling and when. Why? Whaling is the targeting of corporate leaders by hackers. When you are away from the office, you are a vulnerable golden ticket to the company. Try to travel with others and limit conversations in transit. Sounds like paranoia, but they really are out to get you. People will know who you are, especially if you tell the world where you’re going and when.

privacy-Portrait of gorgeous beauty young brunette woman in red dress sitting at the bar with glass of whiskey in luxury interiorSecurity At Rest – Keep your phone and laptop secured at all times. This goes double for your hotel key card. Most key cards can be copied using handheld devices in seconds if they can get within a few inches, even through your pockets! A talented hacker can also clone phones and laptops left behind in your hotel room in a few minutes. Hackers definitely want your data, but they can use phones and laptops to emulate you. They can access your email, texts, and corporate network with your credentials without your knowledge afterward. If you can’t keep your electronics with you, secure them in your room. And don’t trust the hotel safe. Your luggage has better protection (Link).

Security After Hours – After parties and night caps highlight most conferences and meetings, but be wary of your surroundings. Nation-states and rival companies have been known to go to extremes to access corporate data through traveling execs. One group employs, shall we say, “beautiful people” to keep targets busy or to gain access to hotel rooms. Some use professional pick pockets to lift phones, cards, and keys for duplication and return. Be aware while traveling and try to maintain a buddy system. You’d be surprised how popular you are.

Privacy With Protections

privacy-Portrait Of A Worried Young Man Calculating Unpaid StatementsTrust, But Verify – Companies are merely a collection of employees all working toward the same goal – a paycheck, I mean, your corporate mission statement. However, not everyone in the company is doing what is best for the company. Every employee should pass a background and credit check before starting with the company. Anyone with special access, such as IT and security personnel, should be subject to routine background and credit checks. Why? An IT technician with a recent bankruptcy and a new baby is more willing to sell confidential corporate data to your competition and state-sponsored threat actors than someone not hurting for money. Employees with poor credit should not have access to sensitive corporate data. Yes! Really! Insider threats are still high on the list of motivation for data breach and hacks.

The public nature of growing a business and fostering public relationships limits privacy expectations for corporations. However, it doesn’t mean you can’t protect yourself and your employees with these simple steps. Start by asking a cybersecurity expert to search and report on what they find. The level of over sharing, and by whom, might surprise you.

Need Help?

Reach out to us! We’re all in this together. Visit our contact page to submit an inquiry. Also, please follow us on social media for the latest updates.

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *