Whilst reading through the New Zealand Information Security Manual (NZISM) I came across this recommendation in section 9.4 Using the Internet within 9. Personnel security:
“Posting personal information on the Web
System Classification(s): R, C, S, TS; Compliance: recommended
It is recommended that personnel undertake a Web search of themselves to determine what personal information is available and contact an ITSM if they need assistance in determining if the information is appropriate to be viewed by the general public or potential adversaries.”
Obviously the NZISM applies to NZ Government departments and agencies and I doubt too many would have implemented a policy that requires staff to Google themselves on a regular basis. However, I am interested if anyone in either the public or private sector has implemented this control and whether it has actually revealed anything that resulted in an information security incident.
I configured a Google Alerts search that automatically searches for terms I have specified (e.g., my name and the company’s name) and sends me an email if it finds any matches. However, I must confess that I did this for marketing, not security, purposes after reading Mitch Joel’s Six Pixels of Separation.
So does your company require you to regularly “Google” yourself for information security reasons? And have you ever found anything posted about you that required you to take action to have the information removed?