How Dorkable Is Your Business?

Many companies make a critical security mistake -- simply because they don't even know it's a threat at all.

By Chris Hadnagy


Opinions expressed by Entrepreneur contributors are their own.


It's no surprise that businesses often make basic mistakes when it comes to cybersecurity. Whether it's using "password" as a password, not having a firewall set up, forgetting to run security updates on the operating system, giving employees too much access to critical data -- the list goes on and on.

But there's another mistake companies often make, simply because they don't even know it's a threat at all: exposing sensitive information to Google "dorking."

Google dorking, or Google hacking, is one way malicious hackers can gain access to valuable information about a company. It involves using advanced commands in Google to find specific data sets that companies, as well as government agencies, have unwittingly made accessible by storing them on public-facing web servers.

These files aren't easily found by the average person; however, anyone who knows how to perform a specialized web search can retrieve them in a matter of minutes. The information exposed to this type of search can include user logins and passwords, email lists, employer identification numbers (EIN), bank accounts, software settings, etc.

Exposing this information is dangerous, because it can pave the way for phishing email attacks, network breaches, financial fraud and much more. In fact, many sophisticated phishing campaigns rely on this type of open-source intelligence to create customized, highly convincing emails for targeted employees and executives. The threat is so severe the Department of Homeland Security issued an alert last year to law enforcement and public safety agencies, warning them about the potential risk of data breaches specifically due to Google dorking.


So, how does a company become vulnerable to this threat?

It essentially boils down to having sensitive files stored on a public web server, but that can happen in a few different ways.

First, a company could be storing this data on its own web architecture to make it easy to access or share these files within the company, as well as with its clients or vendors. However, the reverse is also true -- a company's clients or vendors could upload its information to share or access more easily. There's also the risk that executives or employees will store company files on third-party sites with weak security. Lastly, federal, state and local government agencies routinely collect corporate data like tax IDs, which are often stored online in spreadsheet files.

Because a company's private data is often housed by multiple parties, it's impossible to eliminate this risk entirely. However, businesses can take a number of steps to significantly lower the damage potential.

1. Remove all sensitive information.

Every business should start by asking itself two key questions: which information is too valuable or risky to disclose to the public, and does any of that data really have to be stored through its website (i.e., on a public web server)?

Examples may include personnel files, customer profiles, financial records, etc. Sensitive files like these should never be stored through the website unless it's absolutely essential for business operations. It's far safer to store them separately on a private, encrypted server.


2. Protect data that can't be moved.

If a company has to keep sensitive data on its website, there are two ways it can protect it: encrypt it (require a login and passcode to access the data) and make sure the site is configured with robots.txt files to block web crawlers like Googlebot from indexing the data in public searches.

This, however, is a less secure solution than the one mentioned in No. 1, so think carefully about the risks versus benefits before going ahead.

3. Check the company's online footprint.

Do a routine check to see if the company has critical data exposed on the web.

Here's a simple way to do this: (a) Go to, (b) type in "site:COMPANY.COM filetype:xls"; (c) see if this pulls up any sensitive information; and (d) repeat the same command for DOC, PDF, PPT and other file types the company in question may use.

4. Remediate exposed data.

If private corporate information is found to be accessible on the web, use Google's Webmaster tools to remove it from the cache.

However, if third parties are responsible for the accidental disclosure, notify them immediately and request the information be pulled from the Internet, servers and Google's cache.
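Steps 2 and 3 can also be checked from the inside, against the company's own inventory of served files. The following is an added example, not part of the original article: it uses Python's standard `urllib.robotparser` to sort documents into those behind a login, those hidden only by robots.txt, and those a crawler may index. The domain, paths, robots.txt content and the `auth_prefixes` parameter are constructed assumptions.

```python
from pathlib import PurePosixPath
from urllib.robotparser import RobotFileParser

# Document types from step 3, plus current Office extensions (assumption).
DOC_TYPES = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".ppt", ".pptx"}


def audit(paths, robots_txt, auth_prefixes=(), agent="Googlebot",
          site="https://www.example.com"):
    """Classify each served document by how step 2's two protections apply.

    paths         -- URL paths from your own web-root inventory
    robots_txt    -- text of the site's robots.txt (prefix rules only here)
    auth_prefixes -- URL prefixes the server puts behind a login (assumption)
    Returns {path: "login-required" | "robots-only" | "indexable"}.
    """
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    report = {}
    for path in paths:
        if PurePosixPath(path).suffix.lower() not in DOC_TYPES:
            continue  # not a document type the search in step 3 looks for
        if any(path.startswith(prefix) for prefix in auth_prefixes):
            report[path] = "login-required"
        elif not rules.can_fetch(agent, site + path):
            # Compliant crawlers skip it; the file itself is still public.
            report[path] = "robots-only"
        else:
            report[path] = "indexable"
    return report


# Constructed sample data, not taken from any real site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /private/
Disallow: /portal/
"""
SAMPLE_PATHS = [
    "/index.html",
    "/portal/clients/statement.pdf",
    "/private/payroll.xls",
    "/downloads/brochure.pdf",
    "/uploads/vendors/tax-ids.XLS",
]

if __name__ == "__main__":
    result = audit(SAMPLE_PATHS, SAMPLE_ROBOTS, auth_prefixes=("/portal/",))
    for path, status in sorted(result.items(), key=lambda kv: kv[1]):
        print(f"{status:15} {path}")
```

A "robots-only" result means compliant crawlers are asked to stay away, but the file can still be downloaded by anyone who has the URL, which is why step 2 is the weaker option. Anything reported as "indexable" is a candidate for step 1 or step 4.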

Chris Hadnagy is CEO of Social-Engineer Inc.
