Your digital footprint is another way of describing all the information you share about yourself (knowingly or unknowingly) on the internet.

This can include information you have chosen to put on social media, cookies stored in your browser by websites you visit, messages sent through messaging apps and phrases you’ve typed into search engines.

How does this affect business?

A business has its own digital footprint, so this is something to consider from a brand management perspective. It’s good to Google your company name now and then to ensure that your digital footprint shows you in a positive light!

From a security standpoint, as a business leader your personal digital footprint (and those of your employees) is more interesting to cyber criminals. There may be a gold mine of information freely available online that could be used to engineer a sophisticated attack on you and your business.

Attackers may look to work out passwords for your business systems, or send emails that trick you or an employee into making a payment to them, or into downloading malware.

In some instances, attackers are able to access company systems by “cracking” a junior staff member’s log in information and then leap frogging all the way up to gain complete control of the system.

What kind of digital footprint information do cyber criminals use?

It can be disconcerting to be confronted with the amount of data a company like Google holds about you (find this out by logging into your Google account and navigating to “Data & personalization”, scrolling to “Things you can create and do” and clicking “Go to Google Dashboard”), but you may be shocked to realise just how much information you’ve made freely available to absolutely anyone with an internet connection.

Information found in publicly available profiles can be used for various nefarious purposes including:

• Have you ever divulged information online about a pet’s name, your home town, you mother’s side of the family? And thinking back to setting up some of your online accounts, have you ever set a password or password reset security question that could relate to those nuggets of information?
• Posts and comments made online can be used to craft a convincing email that sounds like it comes from you.

• Your publicly stated “likes” can be used to create targeted phishing attempts that use tactics almost guaranteed to make you click a malicious link or share financial information.

How can we clean up our digital footprints?

• Keep social media profiles private (the NCSC has a list of instructions for managing privacy settings on the various social platforms here) and try to limit friends/contacts to people you know well.

• If you’re going to contribute to the comments section of an online news article, sign up with an anonymous username that can’t be linked to your professional presence.

• Delete old accounts you don’t use anymore.

• Think before you post! Do others need to know this information and could it be used against you in the ways outlined above?
• Educate employees. You might not be able to control what an employee posts online, but some of them may never have thought about the privacy and security implications of the information they share and will appreciate the guidance.

How can we ensure that data found in our digital footprint isn’t used against us?