Optery

To mark Fraud Awareness Week, we’re sharing some essential facts and tips to help your organization better protect itself from the most common attack vectors leading to organizational breaches and fraud: compromised credentials (Valid Accounts) and social engineering. These attack vectors have one thing in common—they exploit a critical security gap many organizations overlook. Addressing this vulnerability can make all the difference in reducing the volume of attacks and their likelihood of success. Here’s what your business needs to know: #FraudAwarenessWeek #AttackSurfaceManagement #PIIRemoval

Fraud Awareness Week 2024 is here and it's the perfect time to evaluate how your company is handling PII exposure! We've got some questions to help you assess your current approach.? Reducing your company’s exposure to fraud means recognizing and addressing PII as a key vulnerability. Publicly accessible employee data becomes fuel for attackers to impersonate, deceive, and gain unauthorized access to your systems. Here are some questions to consider: ? Does your company provide PII removal to reduce risk and prevent PII-based attacks like phishing, smishing, vishing, identity fraud, and BEC? If not, it may be time to consider a solution that proactively addresses these risks at scale. ? Are you monitoring for newly exposed PII over time to keep up with profile respawning? Data brokers are notorious for repopulating profiles. Without continuous monitoring and re-removal efforts, any gains made can be undone. ? Is PII removal only being prioritized for executives, leaving other high-risk roles exposed? Contractors, engineers, IT staff, finance personnel, help desk personnel, HR staff, and generally any employees with credentials are in bad actors’ crosshairs. Expanding PII removal to other high-risk roles has become a necessity. ? Are you confident you’re identifying all instances of exposed PII—or could some be slipping through the cracks? If you’re unsure, consider running Optery’s free scan and exposure report to see what information might be out there. #fraudprevention #PIIremoval #cybersecurity

Optery Founder and CEO Lawrence Gentilello recently joined?intelligence and security evangelist?AJ Nash?on the?Unspoken Security?podcast to talk about the shadowy world of data brokers, their impact on privacy and security, the challenges of protecting personal data, state-level data privacy legislation, the evolving role of AI in data brokering, proactive steps to minimize exposure and risk, and more! In the clip below, Lawrence highlights the developing privacy disparity in the U.S. A divide is emerging between those who have data privacy rights, and those who do not. If you live in a state with no comprehensive data privacy law like New York or Washington, you have basically no legal rights to data privacy. Data brokers are increasingly taking advantage of this. Treating the requests of citizens in states with data privacy laws with more respect, and those in states without them with less respect. We see this on the data privacy frontlines at?Optery?every day and are grateful to AJ Nash for bringing attention to this growing divide on the Unspoken Security podcast. Which states have comprehensive data privacy laws today? California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, and Oregon. Which states' data privacy laws go into effect in 2025 and 2026? Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Rhode Island, and Tennessee. If your state is not listed, tell your representatives you want a comprehensive data privacy law passed in your state asap! Check out the entire episode of?Unspoken Security?podcast via the links in the comments!

A divide is emerging between those who have data privacy rights, and those who do not. If you live in a state with no comprehensive data privacy law like New York or Washington, you have basically no legal rights to data privacy. Data brokers are increasingly taking advantage of this.?Treating the requests of citizens in states with data privacy laws with more respect, and those in states without them with less respect. We see this on the data privacy frontlines at Optery everyday. Thank you AJ Nash for bringing attention to this growing divide on the Unspoken Security podcast. Which states have comprehensive data privacy laws today??California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, and Oregon. Which states' data privacy laws go into effect in 2025 and 2026? Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, Rhode Island, and Tennessee. If your state is not listed, tell your representatives you want a comprehensive data privacy law passed in your state asap!

An increasing number of states have now enacted privacy laws that grant consumers the right to opt out of personal data collection and sales and many include authorized agent provisions. The role of authorized agents is essential in helping to safeguard vulnerable populations such as children, elderly parents, and victims of domestic violence from data exploitation. Third-party services acting as authorized agents are a critical tool for many in safeguarding their personal information because they simplify the process of opting out, which might otherwise be too complex or time-consuming for individuals to manage on their own. As a trusted authorized agent, Optery is dedicated to helping people exercise their privacy rights efficiently and effectively, reducing the digital and physical risks that come with exposed personal data. As more states enact privacy laws and more citizens exercise their rights to opt out, it will become increasingly challenging for bad actors to obtain and exploit personal data—ultimately reducing the volume of phishing, voice and messaging scams, identity fraud, doxing, and other PII-based threats. #PersonalDataRemoval #PrivacyLaws #AuthorizedAgents

Learn how the CISO of a regional bank uses Optery to protect executives and long-term staff, minimize social engineering risk, and reduce spam, phishing, and smishing attempts. Read the full client story here:?https://lnkd.in/eCstqjYc #socialengineering #phishing #smishing

Being proactive about cybersecurity involves playing offense. But to be comprehensive, offensive cybersecurity must address exposed PII as part of their external attack surface. Offensive cybersecurity traditionally focuses on probing the external attack surface—through penetration testing, red teaming, and other techniques—to identify public-facing vulnerabilities attackers could exploit. By actively hunting for these weaknesses, companies can secure them before they become exploitable entry points. While offensive cybersecurity has long targeted external entry points like applications and open ports, today’s threat landscape requires expanding this approach to include public exposures of employee and executive PII on data broker sites. Attackers rely on Open Source Intelligence (OSINT)—including personal data from data brokers—for social engineering, credential harvesting, account takeovers, and other PII-based attacks. Minimizing risk for these attack vectors means proactively addressing both traditional external vulnerabilities and exposed PII. Seeing your organization from an attacker’s perspective requires emulating their reconnaissance techniques to disrupt them. Identifying and removing exposed executive and employee PII that attackers could exploit in their campaigns should be a core part of any offensive cybersecurity strategy. Companies that treat exposed PII as a vulnerability can stay a step ahead of today’s threat actors and dramatically reduce their risk of being targeted. #attacksurfacemanagement #offensivecybersecurity #personaldataremoval

That's a wrap on CyberDefenseCon 2024! Loved speaking with CISOs, spending time with teammates Paul Mander and Gavin Noritsky, and accepting Cyber Defense Magazine's Top InfoSec Innovator Award on behalf of the entire team at Optery for "Most Innovative Attack Surface Management"! A few takeaways: ? CISOs are drowning in third-party risk. One CISO I spoke with has 2,000+ vendors with access to critical data. Your data is only as safe as the third-party vendors you work with. ? Annual penetration testing to check a box on your SOC 2 report is not nearly enough. Anthony Pillitiere took us through a case study on how Horizon3.ai helps customers perform automated penetration testing daily and weekly instead of yearly. ? Stay proactive about hunting for credential leaks and force password resets more frequently. Robert Fernandes covered this in his talk on the critical role of a threat exposure monitoring team to prevent breaches before they happen. ? A growing number of CISOs are partnering with Optery to take their employees' phone numbers, emails, and home addresses out of circulation as part of a modern attack surface management strategy. Full press release on the Top InfoSec Innovator Award here: https://lnkd.in/gum-ZTbD

We’re here at?#CyberDefenseCon 2024! Yesterday, we were honored to receive the?Top InfoSec Innovator Award for "Most Innovative Attack Surface Management"! A huge thank you to our incredible team for all your hard work in making this possible! #Attacksurfacemanagement #Personaldataremoval #Cybersecurity

We’re thrilled to announce that Optery has won?Cyber Defense Magazine’s Top InfoSec Innovator Award for "Most Innovative Attack Surface Management"?during?CyberDefenseCon 2024! We are honored to be recognized in one of the world’s most prestigious cybersecurity awards and to be among such a distinguished group of innovators. This?award underscores our commitment to helping businesses proactively and comprehensively minimize their attack surface against PII-based threats—such as phishing, smishing, vishing, identity fraud, doxing, and harassment—setting a new standard for personal data removal in the security industry. Very grateful to Cyber Defense Magazine for this recognition! Read the full press release here:?https://lnkd.in/ew-gwfRd Check out the full list of winners here:?https://lnkd.in/eN3Anx5H #attacksurfacemanagement #personaldataremoval #cybersecurity