I. Introduction: The Overlooked Risk Facing Private Equity and Corporate Leaders

After the assassination of UnitedHealthcare CEO Brian Thompson in late 2024, a few large private equity firms came to us with a direct question: How do we protect ourselves, our teams, and their families?

To be very clear… privacy isn’t what BSC does and it's not a part of our business model. This isn't a thinly veiled pitch for privacy products or solutions. But given the number of serious conversations I had last December, I felt a responsibility to try to help.

Over the last four months, we held interviews with private equity executives around the world. The team reached out to hundreds across firms / roles / regions to better understand how the industry is thinking about personal safety, privacy, and exposure. Was this just a strong reaction to a headline-grabbing tragedy and the public’s overwhelming support for the killer… or the tip of something deeper? The response was pretty consistent: this is a genuine concern to many and it’s personal.

So we created this playbook as a practical starting point – while our primary audience is private equity and M&A professionals, the same principles apply to corporate executives and leaders as well. This is intended to be direct and tactical without being technical / in the weeds. For the privacy experts out there... please don’t come for me. This isn’t a guide for going off the grid. It’s for business professionals who need to stay visible, connected, and online but don’t want their entire lives searchable in the process. This is simply a way to move from awareness to action.

📌 If you take one thing from this article: Visibility is a risk. Privacy is strategy. 📌

Below is a practical playbook with immediate steps you can take to reduce your personal - and your family's - online exposure.

If you're interested in the broader context, it’s in our 2025 Risk Report – a deeper look at how public sentiment, digital visibility, and real-world threats are reshaping executive risk across private equity and beyond. And if you're wondering how your firm should address these risks at a policy level - internally or at the portfolio level - we're working on that too. Stay tuned for next week's release.

II. Protect Your Financial Accounts and Money

We all care about our financial accounts. But most people are still protecting them the same way they did 30 years ago... one password, one email, and blind faith in their bank’s fraud department. While the following advice may sound like overkill, I’ve seen firms lose $5 million from fraudulent wire transfers and the FBI couldn’t claw back a dime. So if your accounts gets drained, don’t count on justice riding into a certain Eastern European jurisdiction with a subpoena to save the day. Instead, count on working for five more years.

If your bank account relies on your Gmail, start here. To do:

☐ Purchase a Dedicated Laptop: Buy a new laptop that will be used exclusively for accessing and managing your financial accounts.
☐ Limit It's Use: Do not use this laptop for casual browsing, Amazon, Gmail, LinkedIn, or anything outside of financial logins. No exceptions.
☐ Password Manager: Pick your poison. My choice is an old school notebook hidden separate from the laptop. I use this just for managing my sensitive account passwords. Alternatively, most people choose touse a password manager (1Password, Lastpass, etc.) on the laptop - but I'd prefer something that I have more control over and less people have access to.
☐ Create a Financial-Only Email: This email should be used only for financial accounts. Do not use your name, firm, or anything identifiable. Use something random, e.g. boaronthefloor@proton.me - consider one of the more secure email services such as ProtonMail or Tuta (previously Tutanota).
☐ Update Financial Accounts: Change your email across all financial platforms to the new address.
☐ Physically Secure the Laptop: Store the laptop in a safe location. Only use it for financial access. Log off when done.
☐ Extra Step (optional but recommended): If you're managing large amounts of money, consider hiring an IT professional to set up a dedicated VLAN on your home network. This isolates the laptop on a separate, locked-down network so that even if a different device gets malware there is another layer of protection.

One other thing to mention: stop shaming password books / journals.

III. Secure Your Phone Number

Your phone number is one of the most overexposed pieces of personal information you have. It’s tied to your accounts, often used for two-factor authentication, and is easily searchable online. If someone wants to impersonate you or gain access to sensitive accounts, this is where they start. Lock it down.

☐ Set up a security PIN or account passcode with your carrier (AT&T, Verizon, T-Mobile, Sprint) to prevent unauthorized access (i.e. popular "SIM-swapping" attacks).
☐ Choose a strong PIN: Avoid anything guessable like your birthday, address, or the last four of your SSN.
☐ Create a separate number for lower-trust use cases (e.g., newsletter signups, retail logins, etc.) using Google Voice or MySudo.
☐ Use authenticator apps (e.g. Duo or MS Authenticator) for MFA. Avoid using your phone number as a second factor.
☐ Use a separate secure email (e.g., ProtonMail) for account recovery. Not your personal gmail inbox or your financial-only email.

IV. How to Stop Apps and Devices from Tracking Your Location

Your location is constantly tracked by your browsers, phone, and the dozens of apps you forgot you installed. Want to know just how invasive location data can get? It's so detailed that Wired was able to trace nearly 200 devices visiting Epstein’s island: travel paths, time on the ground, where they were before going to the island and after the island. This data was originally sold for ad targeting and revealed precise locations of the mobile phones - so much so that the data had “common daytime or evening locations" after leaving the island... a polite way of saying home and work addresses.

Stop letting your devices overshare. To do:

Browsers

☐ Install uBlock Origin, Privacy Badger, or Ghostery to block trackers.
☐ Disable location access in Chrome, Safari, or Firefox (deny all location requests).
☐ Test browser tracking exposure using Cover Your Tracks.

Phones

☐ iPhone: Turn off Location Services or set to “While Using” for essential apps; disable "Significant Locations."
☐ Android: Disable or restrict app-level location access; opt out of ad personalization under Google > Ads.

Apps

☐ Facebook / Messenger: Disable location tracking, Bluetooth, and contact syncing.
☐ Review and revoke unnecessary permissions across all apps
☐ Be cautious of all “free” apps (flashlight, weather, police scanners, etc.) - they didn't make an app free out of the goodness of their heart. They need to make money somehow and it's most likely by collecting/selling your data.

V. Remove Your Personal Information from Data Broker Sites

Your name, address, phone number, and family details are likely floating around on sites like Whitepages, Spokeo, PeopleFinder, and 100+ other data brokers that never asked your permission (don’t need it). These sites are where threat actors – fraudsters, activists, stalkers, or worse – start their research. The Government calls this “information aggregation” and treats it as an operational security risk for federal employees. You should probably apply the same thought process.

You didn’t sign up for this. Doesn’t mean you’re not listed. To do:

☐ Use a paid removal service like Optery, Incogni, Privacy Bee, etc. Most cost around $200–$400 per year and will auto submit takedown requests to 100+ data broker sites. (note: BlackSwan Cyber has no affiliation with these services)
☐ For a more white-glove service consider options like ObscureIQ. Again, no affiliation, but Jeff Jockisch is a well-respected name in the privacy and data broker space that shares a lot of good insight on LinkedIn.
☐ Make sure your provider conducts recurring scans and opt-out cycles. Most data brokers will remove your info and then quietly add it back once they refresh from other sources. This isn’t malicious... it’s just their business model.
☐ If you prefer the DIY route, start with high volume brokers like Whitepages, Spokeo, and PeopleFinder. Use a burner email when submitting any takedown requests.
☐ Set a calendar reminder every 3 - 6 months to recheck what’s been republished. Even with a good service, ongoing maintenance is key.
☐ Bottom line: if federal agencies treat data broker exposure as an operational security threat, maybe it’s time we stopped accepting it as the new norm.

VI. Reduce Your Online Exposure

You can’t erase yourself from the internet. And if you work in private equity, you probably shouldn’t. But you can control what strangers and data scrapers see when they look you up. This isn’t about hiding your career or downplaying success – it’s about making it harder for strangers to map your life in three clicks.

Start with the obvious... LinkedIn. LinkedIn is a great tool but it’s also one of the easiest ways to map your network, your employer, and your exposure. If someone’s looking to profile or impersonate you, this is usually where they start. To Do:

☐ Public Profile Settings: Limit visibility to just your first name, last initial, and title. Turn off everything else – photo, activity, interests.
☐ Profile visibility off-platform: Disable visibility to search engines.
☐ Connections List Visibility: Set to “Only you.” There’s no upside to making your entire network public.
☐ Who can follow you: Restrict to connections only.
☐ Audit your connections: If you don’t know them, they don’t post, and they’re not in your world... it's probably time to remove them. Who are they? Why are you connected with them?
☐ Screen recruiters like you screen deals: There is a rise in fake recruiter profiles used to gather info on firms, portfolios, and individuals.
☐ Be cautious with endorsements and recommendations: They reveal who you’ve managed, collaborated with, and reported to. Useful for networking, but also for anyone trying to accurately map your role and relationships.

Make personal social media less searchable. To Do:

☐ Set your Facebook, Instagram, and Twitter/X profiles to private. This should be non-negotiable for you and your family.
☐ Remove or hide your birthday, relationship status, hometown, and check-ins.
☐ Disable location sharing and facial recognition features where applicable.
☐ Audit your friends or followers list. If you don’t recognize someone, remove them.
☐ Disable Google indexing of your Facebook profile: Settings → Privacy → “Do you want search engines outside of Facebook to link to your profile?” → Set to No.
☐ Scrub old bios from event sites, speaker panels, and public decks. Remove personal, family, or location details that don’t belong there.

Think of it this way: anything a stranger can learn about you in 60 seconds of googling should be considered a liability.

VII. Protect Your Identity in Real Estate, LLCs, and Public Filings

Your name is likely tied to more databases than you realize... LLC filings, real estate records, political donations, domain registrations, professional licenses. etc. Most professionals in the PE space likely know this, but it's still worth pointig out from a privacy standpoint because even one mistake can expose more than you intended.

LLCs, Filings & Registrations
☐ Do not use your home address on any business, licensing, or corporate filings.
☐ Use a registered agent with mail forwarding or a virtual office address if required.
☐ Form LLCs in privacy-friendly states: New Mexico, Wyoming, or Delaware are most commonly used.
☐ For added separation, layer ownership using parent/child LLC structures across states.

Domain Names (WHOIS Data)
☐ Enable domain privacy protection when registering a domain.
☐ Use a non-identifiable alias email and virtual address.

Real Estate ⚠️ Transferring property can impact taxes, lending, and insurance. This is not legal advice. Consult your attorney and tax advsors before making changes. ⚠️
☐ Consider transferring personal real estate into an LLC or trust so that your information is not exposed on County Assessor records, Deed records, etc.
☐ If buying new property, explore title structures that reduce public record exposure.
☐ Claim your home on Zillow → More → Claim this Home → Owner Dashboard → Edit Facts → Check “Hide Photos.”
☐ Claim your home on Redfin → Account Menu → Owner Dashboard → Edit Photos → Check “Hide Listing Photos.”
☐ Submit a blur request to Google Street View: support.google.com/maps/answer/15439776
☐ Search your realtor’s website and request removal of listing photos.

VIII. What Political Donations Reveal and How to Minimize Your Exposure as an Executive

‍Political donations are legally required to be disclosed in most cases. Once your contributions cross federal or state thresholds (typically $200), your name, address, employer, and occupation will appear in public campaign finance databases... where they’re regularly scraped by activist groups, journalists, and data brokers.

The following steps can help you reduce unnecessary exposure while remaining compliant:

☐ Avoid using your home address when making political contributions if another legal option is available.
☐ Understand that contributions over $200 are publicly disclosed under federal law.
☐ Be aware that donations under $200 may still be collected and stored by platforms like ActBlue and WinRed... and some campaigns voluntarily disclose all donations.
☐ If you’re donating to a cause (not a campaign), consider giving to a 501(c)(3) or 501(c)(4) org. They don't have to publicly disclose donors, although some states may have additional rules.
☐ If you want added privacy look into donor-advised funds (DAF).
☐ Never misrepresent your identity or use an address that could be considered misleading. Donor information must be accurate and truthful under FEC rules.
☐ Do not use straw donors or contribute in someone else’s name. This is illegal.
☐ If privacy is a priority and you’re making recurring or substantial donations, consult a campaign finance attorney.

IX. Travel Privacy for Executives: What to Share / What to Hide

Travel is where privacy usually slips without you realizing it. From LP dinner posts to out-of-office replies, routine travel habits provide more info to strangers than you probably realize. Don't worry, you don’t need to go off-grid or act like a spy... just be thoughtful about what you're sharing and when.

Before your trip:
☐ Don’t share travel plans on public calendars, newsletters, or social media.
☐ Avoid naming hotels or events in out-of-office replies.
☐ Book travel through corporate platforms and consider using initials or an assistant’s name.
☐ Disable Bluetooth and Wi-Fi auto-connect on all devices.
☐ Pack a portable charger.. skip any public USB ports.

While you travel:
☐ Don’t post real-time travel updates. Wait until you’re back.
☐ Use a VPN on hotel and airport Wi-Fi.
☐ Request a “Do Not Disclose” or “Privacy Flag” when booking hotel reservations.
☐ Set this privacy preference as default in your corporate travel profile.
☐ Don’t log into sensitive accounts on shared devices or airport kiosks.

X. How to Protect Your Family's Privacy and Online Activity

This isn’t just about reducing your exposure. It’s about protecting the people closest to you... who often share without realizing how visible those details really are. A child’s tagged location, a spouse’s birthday post, or a family photo at home can unintentionally reveal far more than intended.

This isn’t about control – it’s about care. Help your family understand how digital habits affect privacy and give them the tools to manage it.

☐ Talk with your family about what’s safe (and not) to share online. Talk about how small details like school names, birthday shout-outs, or tagged vacation photos can create real-world issues.
☐ Encourage private social accounts for everyone in the household.
☐ Remove or hide your home address, family names, and school info from public bios.
☐ Here's a fun example to try with family: take a photo near a local landmark (e.g. local high school, popular restaurant, etc.), upload it to www.GeoSpy.ai, and show how AI finds the exact location within minutes.
☐ Know that parental control apps exist – if you use them, consider doing so transparently and with care.

XI. Google Yourself: Run a Privacy Audit on Your Public Exposure

Once you’ve taken the right steps... tightened privacy settings, reduced public exposure, and scrubbed your footprint.... it’s time to test your work. A quick search of your name can reveal outdated listings, exposed documents, or details you thought were buried. You should do this once a year to keep tabs on things.

☐ Search your name in quotes: “First Last” + terms like “address,” “cell,” “resume,” “PDF,” or old employers.
☐ Look for old PDFs, bios, speaker pages, real estate records, or other public mentions.
☐ Use Google’s Removal Tool: support.google.com/websearch/answer/9673730
☐ Contact site owners to request edits or removals... most will comply when asked professionally.
☐ Set up Google Alerts for your name, name + employer, name + “cell,” and other variations.
☐ Check alerts regularly: you may catch something before others do.

XII. Executive Privacy: Final Takeaways and Next Steps

You don’t need to be invisible. But you also don't want your entire life broadcast to those you don't know. You don't necessarily need to follow every little step in this playbook, but it provides a good baseline for any non-technical executive that wants to take their privacy / personal risk management seriously. The goal is to move from awareness to action.

References & Additional Resources

If you want to go further or just stay sharp... here are some trusted sources and tools for building a more privacy-minded routine:

• FBI Digital Exhaust Opt Out Guide - Provided to local offices to protect Law Enforcement Officers and their families.
• BlackSwan Cyber 2025 Risk Report
• Electronic Frontier Foundation (EFF) - Surveillance Self Defense: Tips and tools for safer online communications.
• Proton Privacy Blog
• ObscureIQ DIY Privacy Guides

Tools Referenced Throughout This Playbook

• ProtonMail / Tuta – secure, private email options
• Google Voice / MySudo – for secondary/low-trust phone numbers
• Optery / Incogni / Privacy Bee – data broker removal tools
• 1Password / LastPass – Password Manager
• Duo / Microsoft Authenticator App – Multi-Factor Authentication‍
• GeoSpy.ai – To show your family how AI can find the exact location of a photo
• Cover Your Tracks (EFF) – test your browser’s fingerprint