Doxxing incidents like the Ashley Madison data breach and the Sony Pictures hack reveal that, in this hyperconnected world, everyone from individuals to organizations is vulnerable. You need to take precautions so your business doesn't fall prey.
In these hyperconnected times, companies are facing a common dilemma: keeping corporate data safe while building a digital brand. Cybercriminals are increasingly targeting businesses today, not to steal account information or credit card numbers to commit fraud, but to get their hands on as much data as possible and publish it for the entire world to see.
In this article, we'll take a look at what doxxing is, how it's done, why companies should be concerned about it, and how to avoid it.
What is doxxing?
The practice of gathering and stealing information about a company and indiscriminately disclosing it all on the internet is known as organizational doxxing. It can be carried out by corporations seeking to disrupt the business of a rival, or by cybermobs looking to extort money with the threat of releasing corporate data.
How is it done?
Doxxers' methods are similar to those of whaling or phishing scams, where employees are tricked into responding to a forged email infected with a virus or malware. However, information may also be gathered from public sources on the internet – aka open-source intelligence gathering.
Why should companies be worried?
The answer is simple: Anything connected to the internet is always vulnerable to hacking. Companies store their corporate secrets and data on networks, which are easy to hack given the multiplicity of platforms and locations they're accessed from. Not to mention that large organizational networks are harder to secure and easier for cybercriminals to compromise. So, if anyone skilled and motivated wants to steal a company's data, it's likely that they will succeed.
Furthermore, there could be severe reputational and financial repercussions of a doxxing incident, such as the loss of potential and existing customers, class-action lawsuits and fines, or even a complete shutdown of business operations for an indefinite time period.
Some real-life doxxing examples
Consider the following real-life examples to better understand doxxing and the effect it can have on a company.
Ashley Madison hack
In the Ashley Madison incident, a group of anonymous hackers called The Impact Team stole and leaked around 25GB worth of company data. Though the incident ended marriages around the world and led to the suicide of three Ashley Madison users, the primary target – according to the hackers – was the company, because of its deceptive practices.
Sony Pictures hack
In the Sony Pictures hack, a hacker group called Guardians of Peace stole and published gigabytes' worth of emails from the film studio. However, this was merely a part of a larger doxxing initiative, a hack with the alleged goal of getting back at the studio for making "The Interview," a movie that parodied the supreme leader of North Korea, Kim Jong-un.
How to avoid doxxing
With that out of the way, it's time to discuss the steps companies can take to prevent doxxing, which is one of the fastest-growing cybercrimes.
1. Beware of phishing attempts.
A doxxer can check the WHOIS of your company's domain and collect personal information, such as phone numbers, email addresses, physical addresses, the domain's owner and, if it's public, the server's name. They can find out who works at your company by typing the domain name on Google and then target them with a phishing attack. Therefore, it's imperative that you train your employees about how to avoid becoming a victim to phishing scams.
2. Secure company accounts.
Your company's online and corporate accounts can also be targeted, so protecting them from doxxers is extremely important. We'd recommend using two-factor authentication wherever possible, and make sure to immediately close any accounts that belong to ex-employees.
Use complex passwords across multiple platforms, and consider hosting corporate data on a virtual private server (VPS) if you haven't already. It's like having your own dedicated server and will isolate you from any doxxing attacks.
3. Protect your IP address.
An employee's IP address can easily be sniffed out by IP loggers, which are usually disguised in an email or message. Once that message is opened, the IP address is not only tracked but also sent back to the doxxer.
Here, protecting your company network with a VPN would do the trick. These services change your IP address to that of any country and secure your traffic with strong encryption to prevent anyone figuring out your IP address.
In today's always-connected and transparent digital world, doxxing incidents like the Ashley Madison hack and the Sony Pictures data dump will only continue to grow. While legal battles demand convincing presentations of evidence, cybermobs decide the fate of their victims without any regard for the consequences.
Keep in mind that one doxxing attack is all it takes to ruin a brand's reputation, so it's crucial that you take the necessary measures to avoid doxxing and the negative impact it can have on your company.