Monitoring for Leaked Company Documents through Google Alerts

This article is part of a series on using Google Alerts to protect you, your family, and your company through early notification of data breaches and leaks.

Previous Articles:

Misuse of Your Personal Information and Google Alerts
Monitoring for New Zero Day Exploits through Google Alerts

If you're following good security practices, all of your internal company documents are properly labeled with important labels such as "Company Proprietary", "Company Sensitive" or "Do Not Distribute".

In fact your company has probably established a standardized header for use on all sensitive documents.

So, when's the last time you performed a Google search for this header?
When's the last time you searched to see what documents are being exposed to the web hosted on your domain?

The results might surprise you.

The Google Hacking Database has some excellent information on how to use Google to find sensitive files.  It's very easy to use some of the search queries there, add your company name or standard header, and see what happens.

In fact, even if you find no results, it would be a great idea to setup Google Alerts to monitor for documents posted (accidentally or otherwise) which appear to be internal company documents.

Here's an example, which should produce results for (hopefully!) intentionally posted documents: filetype:doc OR filetype:xls OR filetype:pdf
The above query will return common office documents which are hosted on, or any subdomains.  Replace with your main domain, and see what results you find.

Beware: Many hackers already know these tricks, and will use them to perform reconnaissance on your company before initiating an attack.  Even the most mundane documents, such as a list of email addresses and phone numbers, could be used to assist in launching a spear phishing (targeted phishing) attack against your company.

No comments:

Post a Comment