Digital profile of the organization. What to look out for regarding information about your company?

2021-02-03

The digital era brings opportunities as well as threats, and not only in the ordinary digital life of individual users but also in the digital presentation of business entities. The profiles of a company and its employees are increasingly used as a valuable source of information by hackers who want to steal resources or know-how. How do they do it and what should you look out for?

Digital profile

Anything that a company employee writes about themselves in the virtual world in their free or work time (be it social media, e-mails, online surveys, or professional profiles) can serve as a piece of a puzzle that helps an attacker detect the weak and vulnerable sides of the victim, in this case the company.

Open-source intelligence is a general term for a set of methods that attackers use to collect information about their target in order to build a profile through which they can steal money or other valuable assets, such as know-how. They can obtain substantial information from what users reveal about themselves on the internet, including their residence, employer and place of work, and even their work schedule or details about work processes.

It is not uncommon for users to upload photos on their professional or personal profiles; such photos can reveal the kind of internal software a company uses, its physical or virtual security systems and how log-in methods into company systems are implemented. In extreme cases, social media users take pictures of themselves with employee access cards around their necks. They don’t realize that the attacker can obtain access authentication keys as well as information about the employee and the card issuer.

Many people make the mistake of not separating their personal and professional digital traces. Employees, but also managers and heads of offices, use their company e-mail addresses or identical sign-in information in their personal digital activities as well, for instance when subscribing to newsletters, signing up for social media, or responding to invitations to events.


Security threats for companies

Companies themselves negligently create digital profiles. They underestimate the sensitivity of the information in their marketing content, and their presentations frequently contain details of their work procedures or the environment in which they work. The information is available from published photos or PR reports in which they divulge information about company software solutions and the status of ongoing projects.

Companies also underestimate the threat of attacks in the form of external access. For example, during interviews or internships they make internal files and databases available to external users who are in no way vetted and whom they will not see again.

Through the open-source intelligence method, the attacker will prepare a detailed profile of the company which they plan to attack. They can blackmail the company, steal money from company accounts or acquire know-how and other information.  

7 principles for a secure digital profile: 

1. The least amount of information possible

Do not publish unnecessary personal and company information on the internet.  

2. Limited extent of information

Do not provide complex information. If you are presenting the results of a project, do not reveal how and where it was created. If you are talking about profits, achievements and property, do not reveal anything about where they are and how they are protected.

3. Do not share security information

Do not reuse parts of your login usernames or passwords in other login credentials on the internet. Watch out for photos which could reveal security devices and protection regimes (such as security cameras or antivirus software).

4. Do not make systems available to unauthorized people

Do not let “outsiders” into internal company systems without verifying their identity. Do not allow them even seemingly harmless access to the company computer network.

5. Do not connect personal life with company information

Keep your personal and company content separate. Do not publish details about where you work and what you do in the same places where you present your private life. Do not use company information during personal activities.

6. Maintain data hygiene

Clear data from your databases. If you have accounts on social media you no longer use, request the deletion of your information. If you have e-mail services you no longer use, delete them.

7. Separate PR and sensitive information 

During a company presentation, display only the necessary details about your work environment and modes of operation. Don’t show off when presenting achievements. This behavior attracts attackers.

 
