Two cyber risks that can impact both individuals and businesses are information leakage and online damage to your brand.
Information leakage is where private information about you has found its way onto the Internet. Examples could be your passwords, bank account information, unlisted phone numbers, photos, videos, private documents, etc. In my career, I have found scanned copies of checks, credit cards, medical records, marketing plans and driver's licenses that were either inadvertently posted to a public section of a website, or the website was supposed to have been secured, and wasn’t. In addition, when cyber criminals obtain someone’s userID/e-mail and password, they tend to post it on a hacker password listing site.
For businesses, you would be surprised how many times your employees inadvertently post sensitive information online. Many times it’s an IT employee posting on a technical site seeking guidance from peers. Unfortunately, more often than not they post using their company e-mail address, which identifies the organization, and then in their posting they disclose which version of the system/application they are seeking advice on, and potentially a security vulnerability. If your organization doesn't already have one, a policy forbidding posting on public forums, comments sections, reviews, etc. using your company e-mail address should be drafted ASAP.
Online damage to your brand can negatively impact your reputation, which can cause you to miss opportunities (jobs, customers, partnerships, hiring talent, etc.). Negative reviews, ratings and stories could be the result of disgruntled current/former employees, dissatisfied customers, or your competitors. Identifying what is out there, and then determining why it was posted and by whom, will guide you in how to resolve any negative posts about you and/or your organization.
To see if you or your organization are currently exposed to these risks, a good practice to get into is to Google yourself and your organization at least monthly. What you want to find out is what the rest of the online world sees when they look you up online. As an individual, this could have an impact on job applications, college acceptance, business opportunities and applying for credit. For an organization, it could impact customer growth, revenue, recruiting talent, and investment.
On Google, use the following search strings (using the quotes):
- “Your Name”
- “Your organization name”
- “@your domain” (your organization’s e-mail) – This will show you all company e-mail address postings
On IXQuick you can do some more sensitive searches, as IXQuick does not share your search strings with online marketing companies:
- “Your e-mail address”
- “Your phone number”
- “Your e-mail address : *” – This will show you if your e-mail password has been posted online.
- “Your company userid : *” – This will show you if your company login credentials have been posted.
- You could also search on variations of your SSN or TIN, i.e. “All numbers” or with dashes.
The asterisk “*” is a wildcard which may give you back your userid and your password if it has been compromised.
In addition, for businesses, you should look at your organization’s reviews and ratings on Google, BBB, Glassdoor, and all of your social media sites or any other websites you advertise on that offer ratings or reviews.
By doing this, you can stay on top of any private information that is posted, and hopefully contact those sites' web admins to have erroneous information removed, and be aware of reviews, ratings, and complaints against your organization and respond to them in a timely and professional manner.
Remember, a customer complaint needs to be converted into an opportunity for improvement, and always take the high road, as your responses will be viewed by future potential customers, employees and investors.