⚡ Get All Content for 20% Off ⚡

How Dorkable Is Your Business? Many companies make a critical security mistake -- simply because they don't even know it's a threat at all.

By Chris Hadnagy

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

REUTERS | Kacper Pempel

It's no surprise that businesses often make basic mistakes when it comes to cybersecurity. Whether it's using "password" as a password, not having a firewall set up, forgetting to run security updates on the operating system, giving employees too much access to critical data -- the list goes on and on.

But there's another mistake companies often make, simply because they don't even know it's a threat at all: exposing sensitive information to Google "dorking."

Google dorking, or Google hacking, is one way malicious hackers can gain access to valuable information about a company. It involves using advanced commands in Google to find specific data sets that companies, as well as government agencies, have unwittingly made accessible by storing them on public-facing web servers.

These files aren't easily found by the average person, however, anyone who knows how to perform a specialized web search can retrieve them in a matter of minutes. The type of information exposed to this type of search can include user logins and passwords, email lists, employer identification numbers (EIN), bank accounts, software settings, etc.

Exposing this information is dangerous, because it can pave the way for phishing email attacks, network breaches, financial fraud and much more. In fact, many sophisticated phishing campaigns rely on this type of open-source intelligence to create customized, highly convincing emails for targeted employees and executives. The threat is so severe the Department of Homeland Security issued an alert last year to law enforcement and public safety agencies, warning them about the potential risk of data breaches specifically due to Google dorking.

Related: 5 Tips to Protect Your Business From Hackers

So, how does a company become vulnerable to this threat?

It essentially boils down to having sensitive files stored on a public web server, but that can happen in a few different ways.

First, a company could be storing this data on its own web architecture to make it easy to access or share these files within the company, as well as with its clients or vendors. However, the reverse is also true -- a company's clients or vendors could upload its information to share or access more easily. There's also the risk that executives or employees will store company files on third party sites with weak security. Lastly, federal, state and local government agencies routinely collect corporate data like tax IDs, which are often stored online in spreadsheet files.

Because a company's private data is often housed by multiple parties, it's impossible to eliminate this risk entirely. However, businesses can take a number of steps to significantly lower the damage potential.

1. Remove all sensitive information.

Every business should start by asking itself two key questions: which information is too valuable or risky to disclose to the public, and does any of that data really have to be stored through its website (i.e., on a public web server)?

Examples may include personnel files, customer profiles, financial records, etc. Sensitive files like this should never be stored through the website unless it's absolutely essential for business operations. It's far safer to store them separately on a private, encrypted server.

Related: These 5 Companies Are Growing as Large as the Online Security Threat

2. Protect data that can't be moved.

If a company has to keep sensitive data on its website, there are two ways it can protect it: encrypt it (require a login and passcode to access the data) and make sure the site is configured with robots.txt files to block web crawlers like Googlebot from indexing the data in public searches.

This, however, is a less secure solution than the one mentioned in No. 1, so think carefully about the risks versus benefits before going ahead.

3. Check the company's online footprint.

Do a routine check to see if the company has critical data exposed on the web.

Here's a simple way to do this: (a) Go to Google.com, (b) type in "site:COMPANY.COM filetype:xls"; (c) see if this pulls up any sensitive information; and (d) repeat the same command for DOC, PDF, PPT and other file types the company in question may use.

4. Remediate exposed data.

If private corporate information is found to be accessible on the web, use Google's Webmaster tools to remove it from the cache.

However, if third parties are responsible for the accidental disclosure, notify them immediately and request the information be pulled from the Internet, servers and Google's cache.

Related: How Much Do Data Breaches Cost Big Companies? Shockingly Little.

Chris Hadnagy

CEO of Social-Engineer Inc.

Chris Hadnagy is CEO of Social-Engineer Inc.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

The Remote Side Hustle a 43-Year-Old Musician Works on for 1 Hour a Day Earns Nearly $3,000 a Month: 'All From the Comfort of Home'

Sam Ziegler wanted to supplement his income as a professional drummer — then his tech skills and desire to help people came together.

Business News

Costco CFO Reveals Uncertain Fate of $1.50 Hot Dog and Soda Combo

CFO Richard Galanti reveals that the price will stay the same — but only "for a while."

Business News

The Most Unexpectedly Popular Side Hustle of the Decade Has Low Startup Costs and High Markups

A new report shows that vending machines are a popular investment — and the industry is set to grow up to $3 billion by 2031.

Marketing

Ever Wonder Why Certain Websites Rank Higher Than Yours? This SEO Expert Reveals The Secret to Dominating Search Results

It's often the smart use of SEO, now supercharged with AI, particularly in keyword optimization.

Business News

AI Is Impacting Jobs. Here Are the Gigs Affected the Most, According to an Analysis of 5 Million Upwork Postings

The researcher said in the report that freelance jobs were analyzed first because that market will likely see AI's immediate impact.

Leadership

Former Interrogator Shares 5 Behaviors Liars Exhibit and How to Handle Them

Five deceptive behaviors to look for and how to respond to those behaviors when you encounter them.