Do you know who is selling it and where they get it from?
One of our main services that clients purchase is a Digital Vulnerability Assessment.
The purpose it to identify how much of your private data is publicly available.
The reason we do this is to establish a baseline of how exposed a client is and therefore how vulnerable they are is several two main areas:
CRIMINALS – such as identity fraud, financial fraud, details of assets published, details of home address, pictures of the inside of the home, plans of the home, details of the vehicles you own or lease, plans of security measures, phone numbers, emails addresses, passwords.
ADVERSARIES – these may be journalists, competitors, or those with whom there is a dispute. They are looking for information that may cause you harm, be used to intimidate you and of course the current fear…cancel you. This can be details of where your kids go to school, or clubs they attend, historical posts, images or tweets you may have made which in a different climate may be seen to be inappropriate, offensive, or damaging.
DATA MARKETING COMPANIES – These purchase your data and create lists. It is because of these that you receive SPAM and random phone calls asking how your day is going!
We have never had a client who isn’t shocked by what we find.
This information is circulated and sold by two main groups.
CRIMINALS – they have either hacked or acquired your details and sell them on the Dark Web. You may believe that you are safe from this as you have a first calls cyber security system in place. Whilst having such a system is to be encouraged, it would be wrong to suggest that means your data is safe. On an almost daily basis we hear horror stories of major corporations being hacked, why? Well because they are after your data. Whether it is a credit card company, a bank, a social media platform or a major store they all hold our data.
DATA BROKERS – Data brokers are companies selling personal information about you. Data brokers collect information from various sources to build up a detailed picture of who you are and then sell it on. I have a list of 330 data brokers and whilst they are US based, we all use them. Some of more popular names include White pages Experian, Equifax, Acxiom, and Epsilon. Data broker sites obtain information about you in several ways, both on and offline, connecting the dots to build comprehensive consumer profiles, and then sell it on. There is no incentive for them to engage with the people whose data they collect, analyse, share, and profit from. Now you know what happens when you click “I agree” to online privacy policies and terms of use.
The data that is sold is referred to as ‘breach data’.
It is important that we understand where and how our data is being traded, and the security risks associated.
This data is repurposed to:
- Create fake profiles.
- To intimidate.
- ID fraud.
- CEO fraud
- To plan burglaries, kidnaps etc.
- To enable stalking.
- Identify and target vulnerable people in prominent roles for insider threat purposes.
What can you do to protect yourself?
- Have a Digital Vulnerability Assessment (DVA) conducted. This isn’t a Google search, or someone with an ‘open source’ course can do nor is it something the ‘bloke in IT’ can do. It is a professional investigation that searches the open, deep, and dark web, closed forums and others paid to access platforms. Having this completed by someone ill equipped will give you false sense of security.
- Set up a monitoring process. This is a constant process that monitors and removes your data. This is key as the DVA is like Vetting, it is a moment is time. If all you do is have the DVA and then clean up the issues, a week later you may find you are back to square one.
- Be mindful how your data is used. You may choose to have a separate email address purely for when you are subscribing or purchasing items online. Use a password manager to ensure you are not using the same password for everything and the passwords you are using are secure, retained and refreshed.
For further details on our DVA service, our monitoring or anything else discussed please don’t hesitate to get I touch.