ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Executive Privacy Breaches: Serious Risks for Banks

February 4, 2021
Reading Time: 4 mins read
Executive Privacy Breaches: Serious Risks for Banks

By Rich Matta

A bank’s brand is built on reputation and trust. In the interest of protecting these priceless assets, most banks are continuously upgrading and hardening virtually every aspect of their information security defenses.

Awash in layers of systems, policies, training sessions, audits and every other security solution imaginable, banks sometimes overlook one of the most basic yet menacing threats lurking right under their noses: the online personal information of their executive team. Increasingly, protecting the bank and its customers necessarily includes guarding the privacy of the bank’s executives, whose personal information is highly exposed online.

It’s no secret that executives are the most common and valuable targets for cyberattacks because they have the highest public profile, the most authority and the broadest access to sensitive information within the bank. Attackers exploit personal information to phish, dupe or impersonate bank executives online or sometimes even to locate them in the physical world.

Criminals do not need to bother scouring the depths of the dark web to dig up this personal information—it’s sitting right on the clear web for all to see. There are well over 100 large people-search sites and data brokers in the U.S. whose entire business model depends on gathering personal information from public records, plastering this information online and selling it for a quick buck or a few monetized ad impressions. With a simple Google search of a person’s name, plus their city of residence or the word “address,” one can easily locate home addresses, email addresses, phone numbers, streets where people grew up, high school mascots, mothers’ maiden names, children’s and relatives’ names, and more.

Online vulnerabilities in the wake of the pandemic

As you probably know, the problem is only growing. According to the Modern Bank Heists 3.0 report, cyber attacks targeting banks have increased 238 percent in recent months. Unfortunately, the generic phishing emails you can easily spot in your spam folder are not the most dangerous problem. The biggest threat comes from highly personalized and believable executive spear-phishing schemes that can fool even the most cautious individual.

A common example of this type of attack is a “fake flight” confirmation email that uses the actual details of an executive’s upcoming trip to trick the target into opening a malicious attachment or link. According to a 2019 FBI Internet Crime Report, business email compromises and social engineering attacks like this cost enterprises $1.7 billion in 2019.

Attacks like these are much more likely to succeed if someone gains access to an executive’s personal details. A common attack might start with finding an executive’s personal email address on a people-search site, phishing their password with a targeted email to their personal inbox and then attempting to use this stolen password to gain access to bank systems.

If you are uncertain how this works, take a look at how hackers spear-phished John Podesta, chairman of Hillary Clinton’s 2016 presidential campaign, by targeting his personal Gmail account and then re-using the stolen password to access his entire history of email conversations with other senior officials and politicians. Around the same time, Vice President Mike Pence experienced this same kind of attack on his personal email account.

For a typical executive, privacy services tend to find and remove between 300 and 1,000 instances of personal information across more than 100 people-search and data-broker sites, helping to make covered executives much harder targets. Removing personal information is also important because it helps secure the physical safety of the executive and his or her family, making it much harder for bad actors to target them in person.

An investment too costly to ignore

The rapid rise in state-sponsored cyber attacks is just one reason why investing sufficient time and resources into executives’ privacy is a cost-effective risk-management strategy. In fact, a recent warning from a collection of U.S. government agencies found that a North Korean group stole tens of millions of dollars in 2020 alone in the wake of the COVID-19 pandemic. Though state-sponsored attacks may only account for an estimated 10 percent of cyber attacks, they can be especially difficult and costly for banks to stop.

A 2019 report from Accenture and the Ponemon Institute points out that the cost to address and contain cyber attacks is greater for financial services firms than for companies in any other industry, and the containment costs are only continuing to rise. Additionally, the report found that investments in security intelligence and threat-sharing technologies have an estimated annual return on investment of 22.5 percent.

Smaller banks, which often have fewer resources to defend against sophisticated cyberattacks, are even easier to infiltrate. Earlier this year, the Federal Reserve Bank of New York warned that a cyberattack on a subset of small or midsized banks could have a domino effect on larger banks.

Proactive steps banks can take

One of the best defensive actions is to scrub the internet of the personally identifiable information that cyber criminals can use to mount such attacks. Here are three ways to do so:

1. Google your executives regularly. Find out what the attackers will learn when they search. What information, from addresses and charity causes to other interests, can criminals use to dupe others?

2. Have your executives opt out of people-search sites. This can be an arduous and confusing process, but it’s an important one to take. Data is the most valuable stock that is being traded online every second.

3. Have your executives (and their families) lock down their social media privacy settings. This can help reduce the digital breadcrumbs that attackers use to sniff out the most personal details.

Some people assume that without a long-awaited federal data privacy law, true privacy protection is impossible. This may be true in an academic sense, but it’s simply not true in practice. By protecting your executives and helping them control their own personal data, you can significantly reduce the risk of criminals finding a way into your bank’s systems—a move that will preserve invaluable customer trust and goodwill in the long run.

Rich Matta is a data privacy advocate and chief executive officer of ReputationDefender, a global digital privacy and online reputation management firm.

ADVERTISEMENT
Tags: CybersecurityOnline reputation managementPhishingSocial engineeringSocial media
ShareTweetPin

Related Posts

Fifth Circuit grants ABA mandamus, vacates transfer order for second time

ABA, CBA support maintaining confidentiality of CFPB nonbank risk determinations

Compliance and Risk
June 12, 2025

The American Bankers Association, joined by the Consumer Bankers Association, expressed support for the Consumer Financial Protection Bureau’s proposal to maintain the confidentiality of decisions to exercise the agency’s supervisory authority over a nonbank entity that may pose...

ABA experts see reasons for optimism amid economic, regulatory uncertainty

ABA experts see reasons for optimism amid economic, regulatory uncertainty

Compliance and Risk
June 11, 2025

The Trump administration has rolled back a broad range of banking guidance and regulatory proposals made in the last few years, and while bankers are used to regulatory whiplash when administrations change, it is possible some of changes...

ABA’s Nichols: Banking sector seeing positive policy developments

ABA’s Nichols: Banking sector seeing positive policy developments

Compliance and Risk
June 11, 2025

The banking sector has seen many constructive, positive policy developments at the federal level so far this year, and top officials have expressed their willingness to work with and engage with bankers on those issues, ABA President and...

Report: Synthetic identity fraud on rise

ABA Fraudcast: Federal data points to need for united response to fraud

Compliance and Risk
June 11, 2025

Telecoms and Meta are avoiding addressing serious challenges. And it's time to set up a family password.

Fighting the Rise in Ransomware Attacks: The Value of Breaking Through Silos

Key questions and decisions bankers face in response to ransomware attacks

Cybersecurity
June 10, 2025

ABA has recently convened panel discussions and a simulation to highlight important challenges bankers will likely encounter.

OCC issues statement for banks on recent data breach

Trade groups: Financial agencies’ handling of data needs ‘significant reform’

Compliance and Risk
June 9, 2025

Financial institutions are legally required to share sensitive, proprietary and nonpublic information with their regulators as part of the supervisory process. This information can range from capital and liquidity management to cybersecurity protocols. Centralizing large amounts of data,...

NEWSBYTES

In 90th anniversary year, Stonier graduates 182

June 12, 2025

ABA, CBA support maintaining confidentiality of CFPB nonbank risk determinations

June 12, 2025

Survey finds high customer satisfaction with banking apps

June 12, 2025

SPONSORED CONTENT

AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025

PODCASTS

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025

Podcast: What bankers need to know about ‘First Amendment audits’

June 5, 2025

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.