Among the latest attacks made on enterprises by cybercriminals are spear phishing tactics. These campaigns commonly combine spoofed email addresses with personal or publicly available information on verified senders to impersonate them and fool victims. A recipient who believes they are communicating with a trusted individual or enterprise may impart confidential company information or expose sensitive personal information belonging to customers or personnel.
For these attacks to be successful, hackers work to make their phishing messages appear as authentic as possible. The more accurate and up to date the information they possess on an enterprise and the individuals who work there, the more believable their traps will be. While hackers will sometimes need to penetrate company networks and servers to gain useful details for their attack, the simplest method of gathering information is to look online and collect data that is publicly available.
What does digital footprint mean?
The term “digital footprint” refers to any data that is inevitably left behind after an individual utilises a digital service or a person inputs information about an individual or enterprise on digital forums, like social media networks. All entities operating and interacting online are likely to possess a digital footprint. Activities like banking, social and professional networking, making purchases and sharing digital images all add to a digital footprint. Those who create content about an individual or organisation can also help build a digital footprint with posted blogs, biographies and digital photos.
The actions of employees online
What an enterprise’s staff member says and does online, along with how they employ the digital devices they use, can sometimes put them and the firm they work for at risk from security-related threats. Some of these potential vulnerabilities are clear to see, like sharing or posting confidential company content that endangers an organisation’s processes, assets or personnel, while others are less obvious. From smartphones that report or track geolocation data, to online search engines that store the history of visited sites and entered credentials, there are many potential vulnerabilities malicious operators can make use of when they wish to obtain information on companies and their staff.
Tightening security of information
While every company will have some publicly available information present online, from details on dedicated social media accounts to the “about us” of its website, all enterprises should be aware of their digital footprint. Companies must be mindful of the content they reveal, examining their social media accounts and website and removing any information that is unnecessary and could be potentially harmful if used by hackers and other malicious actors.
Staff should be educated on how sharing personal information can negatively impact their organisation if used in spear phishing attacks. Companies should also be aware of any details about themselves being shared online by suppliers, contractors, and preferred partners that could also be used in attacks.
For advice on protecting your firm and employees with a comprehensive security solution, contact Galaxkey today and experience an online demonstration of our secure workspace.