An aggravated consumer, industry rival, former employee or another person who is upset with your company may try to exact revenge by use of “doxing” — the practice of gathering a person or entity’s personal information and publishing it online. This may include sensitive information about the finances, health, residence, political affiliation, family and private lives of executives and employees at targeted organizations. Whether performed by an experienced hacker or an amateur sleuth, doxing can take a serious toll on a company, leaving it and its employees vulnerable to embarrassment and possible financial injury.

Doxing is distinguishable from defamation, which is the publication of false information about a person or entity. The danger from doxing is that the information released is true but sensitive. Unfortunately, there is a wealth of data that can be legally obtained online by clever searchers.

Fortunately, there are ways to help prevent hackers from finding the information they want. Cyber security professionals recommend the following actions:

  • Provide digital security training for employees — Create standard protocols for Internet activity and teach information-protection practices to employees. This helps prevent the release of information that should remain private.
  • Limit what is shared on social media — People with bad intentions can latch onto one detail your employee posts online and use it to uncover much more about the person’s life. Changing social media privacy settings can limit access to identifying data points — like addresses, employers, schools and email addresses — making it harder to track you on other platforms.
  • Use encryption tools — A hacker who accesses someone’s computer system may obtain important data and metadata from documents like Word, Excel and Powerpoint files. Documents and communications should be encrypted to keep their contents virtually inaccessible to anyone except the intended recipient.
  • Use strong passwords and vary them — Passwords are the keys to your data online, yet many users favor simple passwords that are easy to remember and, worse, include identifying information. Security experts recommend long passwords with a mix of numbers, symbols and upper- and lower-case letters. Also, use different ones for different accounts.
  • Update computer security — Internet firewall and antivirus software should be frequently updated. New versions are issued frequently to keep ahead of hackers that learn to exploit security weaknesses and mine hard drives for data.

Doxing may warrant civil legal action or criminal charges, depending on the type of information released, the means used to acquire the information, the intent of the publisher and the reputation damage or other harm inflicted.

The business law attorneys at Hemmer DeFrank Wessels, PLLC help clients in Kentucky, and Ohio safeguard their businesses from the potential fallout of cyberattacks. We also provide legal guidance on how to respond when your company becomes a victim of doxing. To schedule a free initial consultation with our firm, call Stephanie at [ln::phone] or contact us online.