After a recent phishing attack against 11 energy companies, DHS is warning business owners in all industries that the bad guys are using the personnel-related information on business websites to develop their attacks. Phishers use the names and contact information of the company that they want to attack to trick other employees of that company that they're being contacted by colleagues and fellow-employees.
DHS wants all businesses to avoid posting employees' names, titles, email addresses, organizational data, and the names of the projects that they're working on. With less information about an enterprise's employees and organizational structure, the DHS reasons, phishers will be less effective in their attacks.
Those of us who run one- and two-person firms in the software development industry are less likely to be tricked by people who learn our names. But each of us should evaluate the need to post a lot of personal information on our websites.