What do employees’ digital footprints mean for the enterprise?
Often, we talk about digital footprints as a consideration for individuals, rather than an enterprise. However, digital footprints have a lot more to do with your business than you think and, in fact, can introduce risk to your enterprise. In particular, the digital footprint of your employees can be a hotbed for hackers. Thus, you need to have the right practices in place to mitigate this risk.
To recap, digital footprints generate every time employees (or anyone, for that matter) interacts online. In other words, every time an individual carries out an online activity, a impression is left behind. However, the boundaries don't stop at your settings – you don't have, say, a 'in office' trail, an 'at home' trail, and an 'on holiday' trail. Digital footprints are a continuous, uninterrupted stream localised to each user.
There are two types of digital footprints: active and passive. Active refers to the information that individuals purposefully submit, such as Tweets, blogs, Facebook comments, emails etc. Essentially, this means content that you expect people to see. Passive, on the other hand, refers to the trail you leave unintentionally. This includes data collected by search engines, smartphones tracking your geolocation data, and so on.
It may not seem obvious at first, but digital footprints can indeed be a threat to the enterprise. We'll explain why.
Get off on the right foot
Cybercriminals can use digital footprints to steal an organisation's data or intellectual property. In particular, they can zero in on the footprint of your employees with administrative privileges to gain access. All it takes is for them to begin a targeted campaign at, say, one of your business executives, to steal your sensitive information.
If a hacker gets into an employee's PC or smartphone, they can investigate the person's passive footprint to gain insight on your business. For example, the employee's search history can be a good way for them to gain knowledge on your corporation. Alternatively, they can use your employee's active information, such as family holiday photos, to orchestrate a social engineering attack.
Of course, much of what your employees are posting/doing online is out of your hands, and your cybersecurity team too. What you can do, however, is reiterate the importance of why they should look after their own footprint (while upping your malware protection, of course).
In particular, there must be an organisation-wide acknowledgement that employees should consider the type of information they post online. You should also remind your workforce of the importance of their privacy settings, ensuring that only known contacts can view their content. In fact, with many aspects of cybersecurity, the greatest mitigation comes from education.
As mentioned before, for organisations, it means stepping up the protection game. Businesses should be regularly scanning for vulnerabilities – and with digital footprints in mind.
Enjoy this article? Why not check out our CxO of the Week, Will Lansing at FICO?