By Cynthia Hetherington
The Importance of Protecting Your Personally Identifiable Information
Data, at its most annoying, is a commodity with social media sites selling your Likes to data providers. Data, at its most dangerous, allows terrorists and scammers—as near as your neighbor or from faraway lands—to farm from open sources the personal addresses of our military personnel to threaten them and their families. They robocall mercilessly and prey on the elderly. Unfortunately, we share much of the data that generates these annoyances and threats.
In this blog series, we help you understand the dark side of information sharing. You will learn the pitfalls of oversharing and how to reduce your online risks. You will gain useful tips for protecting your personally identifiable information (PPI) and preventing identity theft, learn how to opt out of online vendors and how to remove your PPI from three major DNA collection retrieval services.
A variety of information is available to businesses and organizations. While most of the information is non-sensitive, some of it can be sensitive. This week we provide guidance on how to engage in social media with a minimalist approach.
Putting the Least of You Out There
With all the listed precautions in this blog series, it might seem ideal to delete all your social media accounts, unplug all appliances, and move to a desolate part of the world where you can live off the grid.
However, being completely offline is much more suspicious than being online and oversharing every mundane detail of one’s life.
At Hg we recommend clients create a minimal online social media presence with no valuable information attached to it. For instance, “I’m an executive in the New York metro area, with a dull life and unremarkable kids” reads as a rather benign profile that shows you have some sort of online activity. Whenever we research an individual and find no personal online information about them, their kids, family, or anyone else connected to them, we start to assume they work in the government—precisely what, if it is true, you do not want people to assume—or they are possibly dead. We would not, however, consider them gang members or drug dealers, because experience tells us those sorts of individuals love social media and are easily tracked when their accounts are found.
So, when it comes to your social media presence, create a minimalist site with a fresh email address and no valuable content. The profile image should be vague—a skyline, a piece of artwork, a picture of a favorite food, a dog, or a superhero. Do not project images with identifying marks, badges, designations, and absolutely no photos of your children. With such a profile, you might be perceived as dull online, but offline you will enjoy a larger sense of security with the ability to control your online world and the antics of those who wish to do you harm.
If you have been victimized by online bullying or information exposure, contact an online risk assessment company to help you discover how extensive the damage is. In the case of a local cyber-bullying attack, most victims usually have a sense of who the culprit is. However, finding out you are the target of ISIS, Anonymous, or any other anti-establishment group can be life altering for you . In such cases, contact a law enforcement agency equipped to handle such concerns and a professional service firm with a solid reputation for online assessments and removals to assist you in removing any sensitive information.
The bottom line: Respect social media applications. There is an appropriate time and place for using social media. Remember, if you would not feel comfortable having your online activity broadcast through your local grocery store’s public-address system, while simultaneously having a giant, neon arrow pointing directly at you, then there’s a good chance your online activity has no business being online.
Our series, Info Exposed, is meant to help you to facilitate your personal privacy in a very open online world. There is no one solution, no one vendor, that has all the answers. The best security practices start at home. Using our tips as a guide, you can begin to remove, obstruct, or obscure the open source information that leaves you and your family vulnerable online. The entire report, Information Exposed, is also available to download for free.
Are you an analyst or investigator looking for advanced OSINT training on risk assessment and risk monitoring? If so, check out Hg’s webinar series, where you can attend live sessions and receive CEUs or watch previously recorded sessions to beef up your investigative skills.
Are you concerned about your company’s or employees’ points of vulnerability through online and open sources? Our skilled analysts are experts at removing personal information that puts you, your business partners, and your family at risk. Learn how our team can assist you in assessing and monitoring your risks.
Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.