The internet is a vast repository of information, and a determined person can dig up almost anything. For example, journalist Osman Faruqi’s real phone number ended up on Facebook, resulting in harassment.
Being ‘doxxed’ is a hazard, particularly for public figures, but the fact is that most of the time, hackers or enemies with a grudge aren’t the main culprit for privacy leaks. In many cases, it’s a simple matter of having forgotten you ever made that post or posted that information until it comes back to haunt you later. Personal information finds its way onto the internet through multiple channels, and once something is on the internet, it is hard to make it go away.
Additionally, there can be issues with outdated information causing problems. For example, somebody is trying to find your company and they find an old social media page that hasn’t been monitored in a while. When their message goes unanswered, the potential customer goes elsewhere.
Here are some steps you can follow to deal with private information that is floating around in public:
1) Be careful what you post in the first place. For example, you should not post personal mobile phone numbers. Train your employees and clients not to post personal information to the internet, but rather send it privately to the specific requester. Another thing to be careful of is information getting inadvertently posted with content. Double check blog posts before you send them live to make sure they don’t have a lingering phone number, email address or, for that matter, inappropriate language from an earlier draft. If you must post a mailing address, use a PO box or office address, never a personal one.
2) Check to make sure you haven’t been hacked. For individuals, the site haveibeenpwned.com records data breaches and allows you to check if you have a compromised account so you can change the password immediately. Popular sites are the most likely to be breached, so change your password on those regularly. This includes things like Facebook, LinkedIn, etc.
3) Always use a strong password. If you can’t remember strong passwords, a good password manager is your friend. You can require employees use a password manager, which will generate appropriate passwords for them. You can also use two-factor authentication.
4) Don’t put anything in social media profiles, regardless of privacy settings, that you wouldn’t want to go public. You have little control over tech giants deciding to change their privacy settings and defaulting things to public.
While Facebook constantly tries to nag you to provide your phone number, this is one way mobile phone numbers can end up publicly accessible. Consider carefully which apps you link to your social media account. Link only apps you need and be wary of anything that wants to post on your behalf. It’s very easy to accidentally post to ‘public’ on Facebook when you meant a more limited audience if you’re using third party posting apps.
Public figures should be especially wary, as they are particularly vulnerable to coordinated attacks based off tweets or Facebook posts/comments they may have made ten years ago.
5) Consider simply deleting Facebook posts and tweets by a cut-off date. For Twitter in particular, posts tend to be in the moment and ephemeral, and may not be relevant in the future. Deleting anything more than few months old can prevent people from going through your old posts looking for ammunition or finding outdated information that could be embarrassing. For government entities, frequent deletion of posts may not be an option, but hiding or removing occasional posts with outdated information from public view is generally considered acceptable.
By using an archiving tool such as Brolly, you can preserve a record of all your deleted tweets, posts, and comments without needing them to remain on your profile. This will save you significant time keeping manual records while ensuring you retain the ability to recall deleted posts if required – this is especially helpful if someone has an out-of-context screenshot of one of your old deleted posts, and you need to provide clarification.
6) Hunt for posts with personal information or other problems and hide or delete them. If you want your archive of posts to stay in the present, you can use an archiving tool like Brolly that will go through your pages and search for keywords. For example, you could enter your phone number as a keyword and pick up any posts that contain it. You can do this after changing your number or if you realise your personal number got posted. If you are changing from using a personal phone line for a business to a business line, this can be particularly useful.
For your website, you can search through blog posts by doing a site-specific search on Google or your favourite search engine. Simply put site:domain.com before the keyword.
7) Google yourself and your company regularly. By doing a search on yourself you may spot an issue before it becomes too significant.
If you have been doxxed, you may have to change your phone number and email address. If the thought of running into negative things about you makes you upset, then you can delegate this task to a level-headed subordinate. How often you should search depends on how public you are, and the likely volume of new material associated with your name or your company. It may be anywhere from monthly to daily.
The best way to deal with privacy damaging posts is not to make them in the first place, but we all know this is easier said than done. The second best is to regularly go through and make sure those old posts are deleted, hidden, or monitored. Using an archiving tool like Brolly is the best way to manage your old social media posts and make sure that you are not leaving things in public domain that are best kept private. If you have concerns about protecting your business’ social media posts, including your historical data, then sign up with Brolly today. We offer a free trial of our archiving service, which is designed to protect privacy, make managing social media easy, and help you comply with Australian law.