How Companies Can Avoid Doxing Attacks
Protect your information and your pocket with these easy steps…
We’re all familiar with the concepts of trolling and phishing, but doxing might be a term that’s escaped you until now. One of the internet’s fastest-growing malpractices, doxing is a threat to individuals and companies alike. This unethical yet legal practice can range from investigative journalism through to online extortion and revenge attacks.
What is Doxing?
Doxing is the process of acquiring and publishing personal information for malicious reasons. Content may range from social media details through to hacked bank accounts or criminal records. The latter are particularly popular, since doxing is often attributed to vigilantism. Some perpetrators believe they’re advancing social justice or exposing bad behavior, while others simply revel in causing damage and distress. Corporate data thefts can ruin a brand’s reputation, particularly if any material acquired is republished or exploited.
Unlike with ransomware and extortion, doxing victims aren’t asked to pay money to retrieve their data. Instead, payment may be demanded to prevent it being distributed across the internet. Data will often be released anyway, so paying up is rarely advisable. Identity theft may ensue after content is released into the open, though this is rarely a doxer’s main aim. Their motives are usually public humiliation, reputation damage or financial gain.
So what can be done to prevent doxing?
Don’t be too social:
It’s vital to be sparing with social media platforms like Facebook and LinkedIn. Many people plaster every element of their lives across public websites, believing the fig-leaf of ‘private’ profile settings will stop unwanted audiences viewing it. Never publish anything you’d be unhappy for a criminal or someone with a grudge to read, even in a supposedly private environment. For instance, small firms occasionally publish their bank details online for easy payment, even though this data could be harvested by anyone.
Keep logins safe:
Since doxing often involves financial motivation, protecting corporate accounts is especially important. Use two-factor authentication wherever possible, and choose obscure login credentials. Never reuse the same password across multiple platforms, and instantly close any accounts belonging to former employees. Changing company-wide passwords when a staff member leaves isn’t a bad policy, either. Ensure corporate data is securely hosted on a protected server or offline hard drive, keep antivirus software up to date, and use a virtual private network.
Conceal public information:
Doxers often obtain information through a WHOIS search, since personal details have to be registered as part of web domain ownership. It’s usually possible to pay a domain registrar a little extra to conceal registration details, though this is far more effective preemptively than retrospectively. If your company is involved in sensitive activities, it might be worth using a PO Box for a head office address. Conduct web searches for data strings you’d rather keep private, and contact site administrators to request deletion of publicly visible content. Many aggregator sites scrape content from other portals, republishing it without permission.
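To check what your own domain's registration record reveals, the following added example (not part of the original article) scans WHOIS output for contact fields that are not masked by a privacy service. It assumes the common "Role Field: value" layout, and the sample record, the domain in it and the list of redaction markers are constructed for illustration.

```python
import re

# Constructed sample WHOIS output for a placeholder domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CO.TEST
Registrar: Example Registrar, Inc.
Registrant Name: Jane Smith
Registrant Organization: Example Co Ltd
Registrant Street: REDACTED FOR PRIVACY
Registrant City: Springfield
Registrant Phone: +1.5555550100
Registrant Email: jane.smith@example-co.test
Admin Name: Privacy Service
Admin Email: Please query the RDDS service of the Registrar
Tech Email: proxy@privacy-service.test
"""

# Contact roles and the fields under them that identify a person or a location.
CONTACT_ROLES = ("registrant", "admin", "tech", "billing")
PERSONAL_FIELDS = ("name", "street", "city", "postal code", "phone", "fax", "email")

# Wording that suggests the value is masked (assumed list; extend it for your registrar).
REDACTION_MARKERS = re.compile(
    r"redacted|privacy|proxy|not disclosed|data protected|please query", re.I
)

def exposed_fields(whois_text):
    """Return (field, value) pairs for personal contact fields that are not masked."""
    findings = []
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue  # not a "key: value" line, or the field is empty
        role, _, field = key.partition(" ")
        if role in CONTACT_ROLES and field in PERSONAL_FIELDS:
            if not REDACTION_MARKERS.search(value):
                findings.append((key, value))
    return findings

if __name__ == "__main__":
    for field, value in exposed_fields(SAMPLE_WHOIS):
        print(f"EXPOSED  {field}: {value}")
```

The marker match is a heuristic, so review the full record by hand as well; any field it reports is a candidate for the registrar's privacy option or a role-based contact such as a shared mailbox.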
Stay Smart:
Finally, stay vigilant and try to avoid publishing anything you wouldn’t want a rival or anonymous criminal to read. After all, prevention is always better than cure.