An aggravated consumer, industry rival, former employee or another person who is upset with your company may try to exact revenge by use of “doxxing” — the practice of gathering a person or entity’s personal information and publishing it online. This may include sensitive information about the finances, health, residence, political affiliation, family and private lives of executives and employees at targeted organizations. Whether performed by an experienced hacker or an amateur sleuth, doxxing can take a serious toll on a company, leaving it and its employees vulnerable to embarrassment and possible financial injury.
Doxxing is distinguishable from defamation, which is the publication of false information about a person or entity. The danger from doxxing is that the information released is true but sensitive. Unfortunately, there is a wealth of data that can be legally obtained online by clever searchers.
Fortunately, there are ways to help prevent hackers from finding the information they want. Cyber security professionals recommend the following actions:
- Provide digital security training for employees — Create standard protocols for Internet activity and teach information-protection practices to employees. This helps prevent the release of information that should remain private.
- Limit what is shared on social media — People with bad intentions can latch onto one detail your employee posts online and use it to uncover much more about the person’s life. Changing social media privacy settings can limit access to identifying data points — like addresses, employers, schools and email addresses — making it harder to track you on other platforms.
- Use encryption tools — A hacker who accesses someone’s computer system may obtain important data and metadata from documents like Word, Excel and Powerpoint files. Documents and communications should be encrypted to keep their contents virtually inaccessible to anyone except the intended recipient.
- Use strong passwords and vary them — Passwords are the keys to your data online, yet many users favor simple passwords that are easy to remember and, worse, include identifying information. Security experts recommend long passwords with a mix of numbers, symbols and upper- and lower-case letters. Also, use different ones for different accounts.
- Update computer security — Internet firewall and antivirus software should be frequently updated. New versions are issued frequently to keep ahead of hackers that learn to exploit security weaknesses and mine hard drives for data.
Doxxing may warrant civil legal action or criminal charges, depending on the type of information released, the means used to acquire the information, the intent of the publisher and the reputation damage or other harm inflicted.
If you or your company has been doxxed, you should consult with an attorney to see what can be done to limit the damage to your reputation and hold the bad guys responsible. But it is far better to avoid the problem in the first place by being careful about your online activities and how you or your business share information with others.
Todd V. McMurtry is a Member at Hemmer DeFrank Wessels, PLLC. He is a commercial trial attorney and Harvard trained mediator. You can reach him at (859) 344-1188 or tmcmurtry@hemmerlaw.com.