The Codex · Operational Security · Protocol OPSE-002
Your digital exposure is not defined by any single post or profile — it is defined by the aggregate. Each piece of information you share online is a data point. Individually, each seems inconsequential. Assembled by someone with intent, they form a profile specific enough to target you, impersonate you, or build a credible attack around you. This protocol defines the standard for auditing and managing that aggregate.
Each piece of information you share online appears unremarkable in isolation. A name. A job title. A photograph from a restaurant. A comment on an industry post. A check-in at an airport. A mention in a company announcement. None of these individually raises concern. The problem is that they do not remain isolated — they are aggregated, indexed, and cross-referenced by data brokers, intelligence tools, and anyone motivated to look.
The result is that a person who has been individually careful about each disclosure may still have created a profile that is, in aggregate, detailed enough to know where they live, where they work, who they associate with, when they travel, what they own, and what they are likely worth. This profile is not created by hackers. It is assembled from information that was shared voluntarily, piece by piece, over years.
Social media is the most consistent source of self-generated exposure for high-value individuals. The risks are not confined to obvious disclosures — it is rarely a post that says "I am travelling to Geneva on Tuesday." The risks are in what can be inferred: the pattern of posts that establishes a weekly schedule, the photograph that reveals a home address in its background, the check-in that confirms a physical location at a specific time.
The audit must cover historical content as well as current behaviour. Platforms retain content that has been forgotten. Search engines index posts from years ago. Old accounts on platforms you no longer use remain searchable. The audit is not a one-time action; it is a recurring discipline applied consistently.
LinkedIn and equivalent professional platforms present a specific challenge: they are designed to maximise disclosed information as a feature, and professional norms encourage comprehensive disclosure. For most people in most careers, this is harmless. For individuals with significant assets, prominent roles, or contentious business interests, a fully populated professional profile is a detailed intelligence briefing available to anyone who looks.
The decision about what to list is a conscious one. Current role and employer may be necessary for professional credibility. A full employment history going back fifteen years, a complete list of board memberships, and advisory roles at organisations that signal investment interests are all optional. List what serves a purpose. Omit what does not.
Photographs carry more information than their visible content. EXIF data embedded in unprocessed image files includes GPS coordinates, device model, and timestamp. Social platforms sometimes strip this data, but not always. The safest approach is to strip this data before posting, using any standard image processing tool.
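To make the stripping step concrete, the sketch below is an added example, not part of the original protocol. It walks a JPEG's segments and drops the ones that carry metadata. The names `strip_jpeg_metadata`, `_seg` and `SAMPLE` are hypothetical, the sample bytes are constructed, and the code assumes a JPEG whose header segments follow one another without fill bytes.

```python
import struct

# Segments that carry metadata rather than pixels. APP2 (ICC colour profile)
# is deliberately kept so colours still render correctly.
METADATA = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM"}

def strip_jpeg_metadata(data: bytes) -> tuple[bytes, list[str]]:
    """Return (cleaned JPEG bytes, names of the metadata segments removed)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(b"\xff\xd8"), [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:  # SOS: compressed scan data follows, copy the rest as-is
            out += data[pos:]
            return bytes(out), removed
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        segment = data[pos:pos + 2 + length]
        if length < 2 or len(segment) != 2 + length:
            raise ValueError(f"truncated segment at offset {pos}")
        if marker in METADATA:
            removed.append(METADATA[marker])  # drop the whole segment
        else:
            out += segment
        pos += 2 + length
    raise ValueError("no SOS marker found before end of data")

def _seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed JPEG segment (used for the sample only)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a JPEG-shaped byte string, not a real photograph.
SAMPLE = (b"\xff\xd8"
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + b"constructed-gps-and-timestamp")
          + _seg(0xFE, b"constructed comment")
          + _seg(0xDB, bytes(65))
          + b"\xff\xda\x00\x02" + b"constructed-scan-data" + b"\xff\xd9")

if __name__ == "__main__":
    cleaned, removed = strip_jpeg_metadata(SAMPLE)
    print("removed:", removed)
    print("bytes before/after:", len(SAMPLE), len(cleaned))
```

Removing the Exif segment also removes the orientation tag, so a photograph taken sideways may display rotated afterwards; check the result before posting. Other formats such as PNG and HEIC store metadata differently and are not handled here.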
The visible content of photographs is equally significant. An image shared from a home reveals the interior, and sometimes the street visible through the window. A photograph at a restaurant may reveal the area you frequent. An image from a vehicle may show the registration plate. None of these require a dedicated effort to exploit — they require only a motivated person and a few minutes.