What concerns keep CEOs and other business leaders up at night? What doesn't?
Financial results and competitive challenges are top of mind for sure. Still, today's c-suiters also face more modern anxieties like the chance of a cyberattack on the company - or the executives themselves.
In the new economy, business executives are more and more digitally connected to family, colleagues, and work through mobile devices and social platforms. Like everyone, each leader's digital interactions and online behaviors leave cyber breadcrumbs across the internet. Hackers can easily search for these digital clues, leaving executives susceptible to having their net worth, intellectual property, and personal reputation exploited. For example, hackers tend to follow the social media feeds of executives to learn about their activities and the colleagues with whom they regularly interact – from personal assistants to other company leaders. A hacker may be able to "crack" the credentials of these trusted colleagues, then begin impersonating them to lure the victim into sharing sensitive corporate or personal information.
What’s the end game for hackers? There could be any number of motives behind a cyber crook’s endeavors to manipulate or sabotage an executive—financial gain, political aims, even revenge, are all examples. A hacker may also target executives to sell their information to others. For example, an executive may post her workout metrics on a fitness app. Cyber-crooks can use this information to uncover the woman’s home address, which they can pass along to known buglers. Or the hacker may follow a person’s notification about attending events, knowing they will not be home at a certain time.
The critical need for executive protection
As the frequency—and cleverness—of digital invaders continue to increase, companies and executives require Fort Knox-like vigilance in the digital realm.
Historically, executive protection services focused on well-trained individuals recognizing and eliminating physical threats against executives and their loved ones. But in today’s connected world, companies have come to understand that executive’s online personal security practices are intertwined with their professional security practices, leaving organizations open to new potential vulnerabilities. So, keeping executives safe must also include internet monitoring for both types of activities.
Hackers thrive on finding personal details – from financial records to photos and text messages – and they don't stop until they find a vulnerability. An inroad can come from an executive’s colleague, friend, or family member. References to names and addresses in online forums, malicious rhetoric toward them, and the presence of leaked sensitive data are all indicators of a possible cyber threat against an executive. It's all crucial intel that, when detected, can stop a threat from materializing.
The public evaluates organizations by the executives they employ and by the actions they take in and out of the office. Over the last decade, the number of privacy breaches causing potential reputational harm to individuals and organizations has grown significantly. Most evident is through the aftermath of the very public Ashley Madison privacy breach, where a large number of company resignations occurred following the days after the information was made publically available. Leading executive protection programs must offer digital monitoring as a core service, along with well-trained investigators. Together, these layers of security can help to anticipate cyber risks and privacy-invasive events before they occur. The key is staying one or two steps ahead of cyber threats and digital delinquents.
Executives can feel safe 24 hours a day when they know that if their sensitive data becomes vulnerable on the web or victim of a cyberattack, immediate action will be taken to prevent unwanted breaches, physical safety attacks, or reputational concerns.
How leading executive protection must operate in a digital world
Executives expect protection – and respect for their privacy. Cybersecurity companies, combined with highly trained protection agents who embrace privacy by design considerations, are the right combinations to meet these expectations. Leading companies should:
- Avoid a one-size-fits-all protection plan, recognizing that executives have different risk profiles;
- Work with executive protection investigators to establish possible risk scenarios that could arise;
- Deploy technology designed to detect the exposure of executives’ personal information, not only on the internet but the deep and dark webs as well;
- Reach an agreement with the organization and the executive about what types of alerts are reported to the company and which cyber threats are reported directly to the executive.
Keeping pace with the ever-changing threats of digital hackers requires extensive monitoring of executives’ online activity. Harnessing the latest technology to monitor the internet is the safest, most confidential way of finding and mitigating vulnerabilities before a lawbreaking citizen finds their way to it and makes it the target of a cyberattack.
Robin Gould-Soil is a recognized authority on privacy and data protection. She has been at the forefront of this burgeoning field for two decades. She has unique expertise resulting from her multi-sector experience across the corporate and public spheres, including executive roles at TD Bank Group, HSBC Canada, the Office of the Privacy Commissioner of Canada (OPC) and the University Health Network (UHN). Robin has spearheaded award-winning privacy initiatives, successfully engaged with a broad range of constituencies and peers, and built effective data protection and governance frameworks for large, global organizations.