Social Media and my digital footprint. Just when I thought I was out, they pull me back in.
As an InfoSec engineer I have a love/hate relationship with Social Media. I would love to withdraw myself from all online Social Media circles. If I want to share something with friends and family, I would prefer to do it directly and personally. This is because in the virtual world of cyberspace, I want to be able to control how far the information in my digital footprint travels.
In this modern digital age, businesses and people only want to be seen communicating by the latest fad. With the increase in digital engagement, the line drawn between business and personal use continues to dissolve. This means it is getting harder to keep your personal life away from companies. It is becoming accepted that you must have a Social Media footprint to do business. Worse still, companies won’t do business unless you have a digital footprint that shares something about you personally.
My digital footprint on LinkedIn
For me the biggest issue I have with Social Media is LinkedIn. Personally, I have been on LinkedIn since February 2009. In today’s digital age that is an eternity. It also puts my account in at least one of their major data breaches, which I can attest to by the amount of junk email I receive to my ‘special’ LinkedIn email address.
Once you are online and sharing, it gets harder and harder to withdraw. This is particularly the case with me and LinkedIn. Whereas I’m happy to share my CV with future clients, I need to prevent cyber criminals from using the information for their nefarious needs.
I’ve dabbled with their ‘Pro’ service, as being a contractor I would love to have a competitive edge in winning my next big contract. I’ve also left a couple of times, or just had a totally empty profile. To misquote ‘The Godfather’ (and The Sopranos for that matter), just when I thought I was out, they kept pulling me back in.
Businesses now expect you to have a digital presence so that they can vet you as a potential employee. Once you’re in though, the security savvy hope that you have the smallest digital footprint possible.
This is because the favourite information source of the ‘bad guys’ is LinkedIn. It is a godsend to a Social Engineer. It can give them an entire breakdown of a business, experience levels of key staff and a whole host of information to mount an attack.
So why after 8½ years am I only making a blog post about this now?
Well, it’s the surprising release by the UK government’s exemplar of security that they too have joined LinkedIn. The National Cyber Security Centre (NCSC) have now created their profile and are actively pushing information onto the platform. Of course, one hopes that the ‘spooks’ won’t be operating personal LinkedIn profiles, but it does seem to be a contradictory message. As Information Security Professionals, we have been telling people and businesses:
- To protect your identity and personal information, you must reduce your ‘digital footprint’ to its smallest possible size.
- To protect your business from Social Engineering attacks, you must train your staff and encourage them to exclude the business from their personal ‘digital footprints’, whilst also being careful about how your company publicly communicates.
Unshakeable Salt has published advice and guidance to help people and businesses reduce their digital footprint.
So what’s the bottom line?
The first advice here is to consider the risks yourself of what information you put online and where. It might be the right choice for a national agency such as the NCSC, but will be different for you.
The second piece of advice is the reiteration of the message of “think before you share”. Having chosen which Social Media channels you are going to maintain, make sure you only share appropriate information and retain as much control as you can.
Finally (keeping the list short), walk on tip toes. Follow the best practices to reduce your Digital Footprint, and when you stop using a channel, wash over and remove those previous footsteps.