From a security standpoint, Wheeler said, "Utilize company secured applications and information resources for sensitive data communication. Avoid using “shadow IT” apps like personal file sharing solutions."
Because email accounts can be so easily compromised, Wheeler said, "Ensure all mission critical directives to employees or third-parties are properly authenticated. For example, do not communicate wire-transfer instructions simply via email."
Being aware, from a threat perspective, of their organization's exposure is also key to protection. Jeff Horne, vice president of corporate at Optiv, said "If the company is part of any legislation or negatively viewed by the public, they might have more risk from a target attack."
It is possible, however, for some executives to be a little more paranoid or have a lower appetite for risk, according to Horne. "They may take extreme measures. One of the most common mistakes they make is constant monitoring."
That's why threat intelligence becomes key in terms of protecting executives. Knowing whether somebody is trying to target their company in forums that pass compromised documents back and forth or whether the company has been targeted is important to consider when determining which protection measures are most critical.
"Self awareness from a social media perspective, often goes beyond the executive," said Horne. "If I'm going after an executive and trying to get sensitive information, they usually say absolutely yes up until the point where their family is associated."
Most high visibility executives have no social media or one that is heavily monitored by the company. "When a hacker learns that they are going to Disney, it is going to come through the children or the wife, those extended branches," Horne said.
That's when executives will see more targeted phishing attacks. Horne said, "I could fake an email from the school their child attends, and then they are clicking on a rogue website."
Engaging in cybersecurity conversations with family members becomes an additional responsibility for high visibility executives. "They probably need to turn off their children's Facebook timeline feeds or restrict them to friends only. Come to a common sense approach on tailoring security controls in Facebook," Horne said.
When traveling, executives need to be extremely aware of the countries they are visiting. "It's about situational awareness," Horne said. "The good news is that executives need fewer applications than a developer overseas. They can give an executive a burner phone or burner laptop that has inherent encryption on it."
If asked to relinquish any devices, they can say yes without the risk of having any sensitive data compromised or stolen.
Wheeler said that while traveling, "Avoid file transfer via external devices such as USB drives, especially drives obtained from third-parties such as vendors or conferences, and avoid public WiFi."
Sign up for CIO Asia eNewsletters.