Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

It is difficult to pinpoint an exact number, but some statistics show an executive is five times more likely to be attacked than a regular employee. It makes sense. If you receive a suspicious email from a fellow employee, do not respond. However, if you receive an email from the CEO, you are more likely to react more aggressively.

In today's interview, Richard Fleeman and Ricky Freeman from Fortreum Labs discussed the increased risk executives face, citing a 74% human error rate in breaches.

How do malicious actors get personal information on an executive? Sometimes, leaders are too active on social media and, for example, post when they are on vacation. If an employee gets fooled, he may transfer assets online.

Okay, we know ransomware is on the rise drastically, and companies are vulnerable – what can an executive do to prevent this activity?

Richard Fleeman observes that once the money is transferred, it is exceedingly difficult to find a resolution. He suggests that prevention is the best approach.

Start with social media and see if you are revealing your email or confidential information. Some call this oversharing. Multi Factor Authentication is a terrific way to limit access to your accounts.

People often use the same password. Humans tend to repeat passwords. "Password spraying" can be used to break into accounts.

Fortreum offers a service to help executives avoid these common pitfalls. They can start with publicly available data and then move onto the dark web.

Ricky Freeman notes that attacks like the OMB breach often result in data for sale on the dark web. He has developed tools that enable the scraping of the dark web to determine if an executive can compromise sensitive information.

Hard to expunge – easier to opt out Dark web. Even if your compromised information is extant on the dark web, you may not be able to do anything about it.

Fortreum's services include manual testing, attack surface analysis, and dark web scraping to identify vulnerabilities and provide recommendations.

You can get an idea of your vulnerability by taking advantage of guides to see if you are exposed.