Given the heightened threat environment – the recent U.S. election, various wars, several high-profile data breaches, the fatal shooting of UnitedHealthcare CEO Brian Thompson followed by the disturbing online celebration of his killer – we’re fielding an increasing number of calls from business leaders seeking to bolster their digital privacy. Accordingly, we’ve compiled a list of best practices for executives and their families who want to minimize risk and reduce their digital footprint.

1.   Remove Your Personal Data from the Internet

Many executives mistakenly believe that if they are not on social media, their personal identifying information (PII)—name, home address, cell phone number, and the names of their spouse and children—is not on the Internet.

This is untrue.

Every time you purchase a house, sign up for a subscription service, register to vote, or are implicated in a data breach, companies collect and sell your PII. Websites from Spokeo to Whitepages, Lexis Nexis to Intelius, house and store your personal data, making it dangerously easy for the public to locate you with a simple name search on Google.

In the last decade, selling personal data has become a big business. There used to be 100 or so sites that housed PII, and, while tedious, data removals could be done manually. Now there are north of 750 sites, all with different opt-out policies and removal times, and removals require some degree of automation in addition to manual follow-ups.

For those in the healthcare, finance, and pharmaceutical sectors, IT professionals should consider utilizing software that removes employees’ private information from the Internet.

For CEOs, board members, C-Suite executives, and high-profile business leaders, we offer white-glove digital privacy services that include a discovery process of identifying where executives are exposed online, and high-impact privacy campaigns that seek to remove their PII from the Internet, de-index websites that expose their private information from Google search, and monitor social media for doxing, swatting, and privacy breaches.

Keep in mind that disappearing from the Internet takes time, with the first year being the most labor-intensive.

2.  Check for Credential Exposure & Data Breaches                           

Data breaches are on the rise. In one high-profile breach that occurred in April 2024 but wasn’t discovered until sensitive data was leaked in August of the same year, a hacker group stole records from National Public Data, a company that sells personal information for background checks. This breach alone reportedly exposed up to 2.9 billion records with highly sensitive personal data of up to 170 million people in the U.S., U.K., and Canada, sparking widespread concerns about safety, privacy, and potential identity theft.

You can check to see if you were implicated in the NPD breach here.

Additionally, you can find out if your email credentials have been implicated in a data breach through a website with the somewhat whimsical name, “Have I been pwned?”

Executives should make sure their CTOs and IT teams use data leak detection software, multi-factor authentication, password management tools – we like 1Password – and enforce a strong password policy.

3. Freeze Your Credit

Given the surge in data breaches, we strongly recommend executives freeze their credit to help guard against potential identity theft. In terms of digital hygiene and best practices, there’s no reason for your credit to be open and floating out there in the ether. Freezing your credit with each of the three bureaus takes a few minutes, and will prevent fraudsters from, say, opening a phone line or applying for a mortgage with your stolen name and social security number.  

You can freeze your credit with the three bureaus here:

• Equifax

• Experian

• TransUnion

Monitor your credit. Most of the credit bureaus offer monitoring for free or at low cost.

Note that many companies claim to “monitor the dark web,” but open web or dark web, no single tool can scan the entire galaxy of the Internet. This is a “better than nothing” situation, where gold standard tools—CrowdStrike comes to mind—continuously search the dark web and pull intelligence to identify threats in near real-time.

Keep an eye on your bank accounts and look for any transactions that seem suspicious or might indicate fraud.

4. Privatize Social Media. And Yes—LinkedIn Counts

Data protection problems and ever-changing privacy protocols put social media users at risk of experiencing significant privacy breaches. Given the vast amount of data many individuals provide publicly and freely on social media — “If you're not paying for the product, you are the product,” as a former Google design ethicist said — fraudsters are often easily able to find enough information to impersonate users, steal their identities, stalk and harass people, and attempt scams. We provide clients with a step-by-step guide to privatizing their social media accounts, from LinkedIn to Facebook.

As always, we encourage executives and their family members to maintain their digital privacy and security. For additional information about our privacy campaigns and for executives facing threats of any kind, please Contact Us.