As the CEO of a leading healthcare analytics company, our client understands the critical importance of safeguarding personal data in an industry frequently targeted by cyberattacks. His company works with patient protected health information (PHI) to improve health outcomes for patients, enhance operational improvement for health systems, and increase patient access for health systems—a role that demands stringent data protection measures.
These responsibilities were brought into sharper focus by his own encounters with vulnerabilities created by data brokers. The client’s personal experience with identity theft, coupled with his employees being targeted by SMS-phishing messages, underscored the urgent need to protect the personal data of himself, his family, and his employees from exploitation by malicious actors.
Data broker dangers & the need for Optery
“Years ago, someone created a fake driver’s license, opened utilities, and applied for $50 million in COVID-era PPP loans in my name. This really opened my eyes to the dangers of data brokers. They have created a ripe environment for this kind of thing,” the CEO recalls. “I was also seeing that bad actors were regularly targeting my employees with spear-phishing campaigns via text messages. The level of effort and sophistication that the bad guys employ in their reconnaissance and impersonation campaigns is impressive. I knew I needed to minimize my team’s exposure if I wanted to reduce the risk to my employees and my company.”
Always on the lookout for innovators in data security, the CEO was introduced to Optery. “A friend of mine passed Optery on to me. The need for Optery’s service is very high, and I had been waiting for a company like this for years,” he said. “I like what Optery represents and have been a longtime client.
I think of Optery as an American way to achieve GDPR-like privacy protections. As a country, we don’t have GDPR, but states have started enacting privacy laws, and this has paved the way for what Optery does,” he explains, referring to the company’s role as an authorized agent that helps individuals exercise their privacy rights under these new laws.
The value of Optery
By using Optery to reduce the visibility of his employees across data broker sites, the CEO aims to protect their data from being leveraged in social engineering attacks. “I use Optery to protect my company by protecting extremities such as my technical staff from being targeted. Years ago, my data access was taken away. There’s no payday for an attacker if they target me—I purposely don’t have the access they want. But there are a small number of people on our team who, if they click the wrong link, there could be a breach. In some ways, protecting my team is more important than protecting our C-suite. The attackers can cause more damage through an engineer than a COO,” he advises.
The client emphasizes how crucial Optery’s continuous monitoring and removal efforts are in combating the practices of data brokers. “I refer to Optery as a ‘persistent subscription.’
Data brokers are trying to monetize all of us, so there is a financial incentive for them to get profiles back up quickly. Optery’s service is essential for countering this practice and staying on top of it,” the CEO states.
The CEO also highlights how Optery can help in managing cyber insurance costs. “SaaS companies face rising cyber insurance premiums due to increasing cyber threats, particularly those involving social engineering, as more and more people click on malicious links. Optery can help businesses lower their cyber risk profiles by removing exposed personal data, which can in turn reduce their insurance costs. Using Optery tells insurance carriers that your business understands the risk and is proactively minimizing its exposure,” he explains. Insurance underwriters look for evidence of comprehensive cybersecurity measures, such as those recommended by the NIST Cybersecurity Framework. This framework includes the ‘Identify’ function, which helps organizations understand their cybersecurity risks, and the ‘Protect’ function, which outlines safeguards to mitigate those risks. Proactive actions like minimizing employee data exposure to prevent PII-based attacks are inherently supported by these functions, and can result in lower premiums.
Reducing visibility reduces risk
Reducing personal data exposure reduces the attack surface for a wide range of PII-based threats. Recognizing the power of minimizing online presence, the CEO underscores the significant impact Optery has had on his company’s security posture. “Optery protects my company by protecting my people from being targeted. When you minimize your visibility, threat actors will move on to other companies,” the client said. Through using Optery, the CEO has noticed a tangible reduction in his own online visibility. “If I google my name, I can see my exposure is reduced. But data brokers are persistent in republishing information and this ongoing challenge is why I’m happy to be a lifelong Optery supporter,” he concludes.
Optery’s enterprise-grade personal data removal service is a game-changer for companies seeking to proactively reduce their risk of social engineering attacks and other PII-based threats.
By diminishing the online exposure of key individuals within the organization, Optery helps reduce the risk of targeted attacks along with the risk of breaches. For the CEO and his healthcare analytics company, Optery has become an indispensable partner in the fight against personal data exploitation.