March 2025 - The Relationship Between Physical and Digital Security

Digital and physical security are more intertwined than ever. As bad actors scour the internet for personally identifiable information, particularly malicious actors may use this data to seek out their intended targets, whether it is at their home, where they work or where they are traveling.

C-suite executives, board members and other high ranking individuals are among those bad actors may target for a number of reasons. They may be people with heightened public profiles, and depending on what they do for work, may also have more people who seek to target them.

Security professionals are often tasked with protecting their organizations from digital harm, but unfortunately, they should also start to consider how they can protect these high-level individuals from physical threats as well.

That’s not to say that digital security needs to be deemphasized in favor of physical security. Instead, it’s important to establish and communicate the relationship between digital and physical security to those who may be targeted by those with bad intentions.

Physical and Digital Security Are Two Parts of the Same Puzzle

To start, security professionals should highlight the relationship between one’s digital security and their physical security.

Bad actors are always looking for personally identifiable information, and they will look for it in a number of different places. They could search a person’s social media profile to see if they have tagged their locations in any posts, or they could purchase information from a data broker.

Bad actors may even go in reverse, and look up a company’s website and see who is part of its executive team and go from there.

These malicious individuals want to know where their targets will be. They will try and find out where they live, where they work, as well as where members of their family may be at any given time. It doesn’t just stop at a normal routine either. Bad actors may try and find out where an executive is traveling to make their move as well.

And what that move could be may vary. They may stalk their target, harass them, and in worse case scenarios, commit acts of violence as well.

Or, they may leave it to someone else to do their dirty work. Doxxing occurs when the PII of a given individual is leaked online. Say, for example, someone were to leak the home address of a CEO, anyone could go and find the executive. This could lead to a break in, where valuable assets may be stolen, or again, acts of violence can occur.

Or, if they were to discover a travel itinerary, they may wait until the executive is somewhere with lax security measures in place, where they could strike.

How to Address Digital and Physical Security Concerns

To keep your executives safe, security professionals should consider measures to shore up both executives’ digital and physical security. This can be done in a number of ways:

• Secure all accounts with strong passwords and multifactor authentication. Bad actors may try to compromise unsecured accounts to discover PII. By locking these accounts down, bad actors will have to turn elsewhere.
• Update devices to ensure they cannot be breached by unknown individuals who seek to gain access to sensitive information.
• Advise against oversharing on social media and lock down these accounts. Bad actors will scour social media for personal information as well. In these cases, they will look for location information tagged on certain posts. Advise your executives to limit sharing location information on social media, and recommend setting their accounts to private. That way, only approved individuals can see whatever is posted.
• Fill out data broker removal requests to have identifying information removed from the broker’s website. BlackCloak files continuous data broker removal requests on behalf of our clients, as data brokers are under no obligation to keep the information off their websites permanently.
• Strengthen your workplace security protocols by ensuring everyone knows about any and all emergency procedures and evacuation places. Stay alert to suspicious behavior and ensure your office has surveillance cameras, access controls and emergency response teams in place.
• Tell your executives to never share travel details publicly. Executives should only share their travel itineraries with trusted colleagues or family members.
• When traveling, consider having high-profile executives travel with a security team or body guard. This could particularly be relevant for anyone who is in a position of high risk, and may depend on where the executive is traveling.
• Additionally, install personal safety applications on executives’ devices when they travel. In the event of an emergency, an executive could send an alert to an emergency contact or law enforcement.
• Consider removing leadership pages from your website. Again, if a bad actor has a grievance against your organization, they may look up who makes up the leadership team. They could take those names and begin searching for more PII, or, they may stalk the executive by waiting for them to appear or leave the building.

It is incredibly difficult to ensure the safety of an organization and everyone within it at all times, but the effort is ultimately worth it. High ranking individuals are legitimate targets, and the actions bad actors may take upon them could range from mild harassment to the loss of life.

While it may not be easy, by taking these steps, security professionals can let executives know a lot of mechanisms are in place to make sure they are safe.