Doxxing

Posted on by
doxxing cybrary

Secure your business with CyberHoot Today!!!

Sign Up Now

Doxxing is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public without the victim’s permission.

While the practice of revealing personal information without one’s consent predates the internet, the term doxxing first emerged in the world of online hackers in the 1990s, where anonymity was considered sacred. Feuds between rival hackers would sometimes lead to someone deciding to “drop docs” on somebody else, who had previously only been known as a username or alias. “Docs” became “dox” and eventually became a verb by itself (without the prefix “drop”).

The definition of doxxing has grown beyond the hacker community and now refers to personal information exposure. While the term is still used to describe the unmasking of anonymous users, that aspect has become less relevant today when most of us are using our real names on social media.

Doxxing attacks can range from the relatively trivial, such as fake email sign-ups or pizza deliveries, to the far more dangerous ones, like harassing a person’s family or employer, identity theft, threats, other forms of cyberbullying, or even in-person harassment. Worse still, when someone is doxxed they can become a target of malicious individuals with a Swatting attack. This is where a malicious person reports a bomb threat at a dox location or worse, calls police to report an active shooter and to send the “Swat” team onsite guns drawn. This can have tragic consequences are seen in this article here.

What does this mean for an SMB or MSP?

Doxxing is a difficult attack to combat, as your personal information is often already out there ready to be used against you. One thing that your organization can do is have employees follow the steps in this CyberHoot blog article that allows you to sometimes remove your personal information from Google search results. This not only helps prevent Identity Theft but also helps prevent a doxxing and or swatting attack down the road. While the article can help you remove certain information from Google’s Search Engine, it won’t cover all your bases; consider taking action on the items listed below to help keep you and your business secure. 
 

CyberHoot’s Minimum Essential Cybersecurity Recommendations

The following recommendations will help you and your business stay secure with the various threats you may face on a day-to-day basis. All of the suggestions listed below can be gained by hiring CyberHoot’s vCISO Program development services.

  1. Govern employees with policies and procedures. You need a password policy, an acceptable use policy, an information handling policy, and a written information security program (WISP) at a minimum.
  2. Train employees on how to spot and avoid phishing attacks. Adopt a Learning Management system like CyberHoot to teach employees the skills they need to be more confident, productive, and secure.
  3. Test employees with Phishing attacks to practice. CyberHoot’s Phish testing allows businesses to test employees with believable phishing attacks and put those that fail into remedial phish training.
  4. Deploy critical cybersecurity technology including two-factor authentication on all critical accounts. Enable email SPAM filtering, validate backups, and deploy DNS protection, antivirus, and anti-malware on all your endpoints.
  5. In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
  6. If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
  7. Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.

Each of these recommendations, except cyber-insurance, is built into CyberHoot’s product and virtual Chief Information Security Officer services. With CyberHoot you can govern, train, assess, and test your employees. Visit CyberHoot.com and sign up for our services today. At the very least continue to learn by enrolling in our monthly Cybersecurity newsletters to stay on top of current cybersecurity updates.

For more info, watch this X min video on Cybrary Term.

Sources: 

Kaspersky

U.S. News

Additional Reading:

Doxxing of Supreme Court Justices

Google Assisting in Removal of PII and Doxxing Content from Searches

Related Terms:

Personally Identifiable Information (PII)

CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like: 

Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.