What do we mean when we talk about a digital footprint? In IT and cyber security this refers to the trail of data someone leaves behind when they are using the internet or digital services. This includes everything from social media posts to hidden information uploaded in documents. While some data is shared on purpose, a lot of it is shared without people realising.
Types of Digital Footprints
There are two main types of digital footprints:
Active Digital Footprint
This is the information you choose to share, such as posting on social media, creating online profiles, or publishing posts online. For businesses, this might include domain names, press releases, and job ads that mention specific tools or systems.
Passive Digital Footprint
This is the information you share without your direct control. This can include your IP address when browsing the web, cookies that track you based on websites you have visited, or metadata in files (like hidden details in a Word or PDF document).
Why Does This Matter in Cyber Security?
During simulated cyber-attacks, which professionals refer to as penetration testing (pen testing for short), testers use reconnaissance to gather as much data as possible about a person or company. This information can be used to find weaknesses in a system.
A few examples of how digital footprints can help in pen tests:
- Finding a company email address using tools like theHarvester.
- Checking social media to see what software or systems a business might be using. This is called Open-Source Intelligence or OSINT.
- Looking at document metadata to find usernames or system paths.
- Even something simple, such as a job ad using the wording “We use Windows Server 2019”, can give clues to what infrastructure and systems are in place, which might give attackers a target.
Protecting your Digital Footprint
Here are a few steps you can take to protect your digital footprint from revealing too much information about yourself.
- Be careful what you post online, especially on social media platforms. You would be surprised how easy it is to find posts from years back on search engines like Google.
- Use tools to clean metadata before uploading files to the web. Okay, so imagine you take your dog for a walk in your local park, take a photo of it and post it on social media. Harmless, right? Well, that’s the thing: that photo contains metadata which can reveal information about what phone you are using, the GPS location of the photo and a few other things too. You can check this out by clicking on the information icon on the photo to see what is being recorded.
- Don’t share too much information about what systems and software your organisation uses. Any software, no matter how generic, can lead to clues about what systems you are running.
- Search yourself or your organisation on any search engine – although not standard practice, spending 20 minutes a week could potentially reveal information you may not want to be public. A confidential PDF document, a drunken post on social media, the list is endless.
Digital footprints don’t have to be scary; we all post information online about ourselves and the companies we work for at some point in our lives. 40 years ago, this wasn’t a problem: people only knew information they were given or researched. In today’s world, a quick search, if done correctly, can reveal so much information. Best to keep an eye on it from time to time.
Final Thought
Everyone leaves a digital footprint; this can be as small as leaving your GPS on your phone and going for a walk. Apple and Google love to track their clients. In cyber security it’s important to understand how this data can be used. Learning how to spot and reduce your digital footprint is a great skill to have, especially if you want to control the information related to you that goes onto the internet.