The internet is a living record. Every move your organization makes online leaves a mark; if you don’t think cyber criminals aren’t watching, you’re probably mistaken.
Take spear phishing for example. Spear phishing is a popular form of cyber attack used by criminals to target a specific person in an organization, and according to Symantec’s Internet Security Threat Report 2019, it’s often used to gather more information about a company that can be used in a later attack
Spear phishers use publicly available information to find an employee and trick them into responding, or in other words, they use the company’s (or the employee’s) digital footprint.
What is a digital footprint?
Your organization’s digital footprint is made up of everything your enterprise does online; it includes all your organization’s online activities, transactions, and communications as well as those of your extended enterprise, such as your vendors or suppliers.
The cloud has complicated the nature of organizations’ digital footprints in recent years; now that companies rely on Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) for mission-critical operations, their digital footprints have expanded. As a result, those footprints can be more difficult to secure, or even to define.
The good news is that managing any digital footprint isn’t impossible; organizations simply need to know how to get started.
1. Find the edges of your footprint
The first step toward managing anything is measuring it. To do this with your digital footprint, you’ll first have to find its borders. This can be a challenge. Not only will you have to expand beyond your own organization and look into your third parties’ digital footprints, but you may also find that departments within your organization have brought on their own SaaS without telling your IT team. Your first step will be to find every third party, and discover how big your footprint truly is.
2. Manage your extended enterprise
Once you’ve found all your third parties, it’s time to place them into a well-managed vendor management program. You’ll need to vet them all, assign them risk ratings, and continuously monitor them, so that you’ll know which third parties represent the most risk to you.
3. Make sure your private information is just that
Have any of your credentials been leaked? Was an Amazon Web Services bucket poorly configured so that it’s public? Is proprietary information on the open internet (accidentally or not)? Know what’s private and what’s been made public, and be certain to double down on privacy, requiring multi-factor authentication, secure devices and other strong security that will keep private data just that: private.
4. Know what’s out there
What are others saying about your company online? Are all your reviews on Glassdoor and Yelp good? What about your mentions on Twitter and LinkedIn? How about the press and your search results? This is an old-school way to think about your digital footprint, but it’s still relevant to know what’s being said about your organization in places where you don’t necessarily control the message. You may also want to delve deeper and see if any criminals are talking specifically about your organization in a way that suggests you might be a target.
5. Practice good cybersecurity
There’s no substitute for good cybersecurity practices. Once you know what your footprint is, you can manage it by keeping your data secure and by monitoring your footprint, but you should also be routinely patching software, teaching your employees to spot suspicious emails, and securing all devices. Common sense is almost always the best way to keep your footprint secure.
How SecurityScorecard can help secure your footprint
It may be difficult to measure your digital footprint on your own. It may be helpful to bring in a partner organization that will help you analyze your footprint, as well as the footprints of your third parties, vendors, and subsidiaries.
SecurityScorecard allows you to easily monitor security risk across your entire organization, and segment by lines of business for a customized view of your entire footprint. Our scorecards enable portfolio cybersecurity risk monitoring, remediation, and documentation so that your enterprise can secure its systems, networks, software, and data for a robust cybersecurity posture.
We also continuously monitor your enterprise for risk, so if your organization or any of your third parties falls out of compliance, we let you know as soon as possible so you can start remediation immediately.
With custom scorecards, you can gain more detailed information about how different business lines impact your holistic security score. We also provide suggestions that will allow you to address any issues that are bringing your security score down — no matter where in your footprint those issues lie.
