When thinking about cyber-attacks, most people will think about the method of attack and how to prevent such an attack from occurring again; however, the pre-incident prepping that occurs before the attack is often overlooked.
In recent years, especially after the COVID-19 pandemic, there has been an increase in social media and internet use. This has caused an increase in how much information is readily available on the internet. Many may think, “the internet already has my information, what’s the harm?” and although there may be some truth to that, it’s not the whole story. Everything that is shared or posted on social media, or the internet, leaves behind a digital footprint that can be traced back to highly sensitive information.
Many companies, small and large, have learned the importance of data privacy through privacy failure and breaches. Maintaining data privacy, or data security, involves the proper handling, storage, and dissemination of information. This doesn’t only apply to organizations and businesses, but also to everyday internet users. If you have ever allowed location access, accepted cookies on a web page, or even posted a family picture on Facebook, you have left a digital footprint. Threat actors will use this information to validate, leverage, and gain access to highly sensitive information. Sometimes that can even lead to home invasions or other attacks. The best practice is to only post or share information that is necessary.
• Update privacy settings: When an application or webpage asks to share your location, only give it restricted access (e.g., Allow While Using App). It is also recommended to set social media accounts to private to prevent other users from viewing pictures or other information on your profile. Note: in iPhone Photos, if your location is on and you share an image with someone, the exact location of where the picture was taken is recorded and attached to that image, making it possible for someone to track it down and discover where you have been or where you are.
• Ensure you’re not providing more information than necessary: Most account setups do not require a middle name, so if it is not needed, do not provide. Also, it is understandable to want to share pictures of your kids or life updates. However, by withholding what school they are going to, their age/grade, and their full legal name, you lower the risk that a bad actor could track you down and even compromise sensitive information through the school.
• Think before you click: When visiting a site, data is collected in the form of ‘cookies,’ so anytime you interact with a link or a pop-up, you are leaving footprints behind. Always ask yourself if the sites you're visiting or the links you're clicking are safe.
If you’re looking for experts to further ensure that sensitive information on you or your business is not readily available online, the Fortalice Solutions OSINT team is here for you. Our team of skilled risk and digital monitoring practitioners have extensive experience in providing clients with advice on how to stay safe when using the internet. We know how to work with organizations side-by-side to deliver tailored services that focus on your specific company and sector, giving you more than just a one-size-fits-all solution.
Additionally, Fortalice’s OSINT team has the tools to go beyond implementing changes for your business, taking the time to not only establish online security and data privacy, but also to ensure your business is safe from malicious actors trying to extract sensitive information. Fortalice Solutions has conducted many digital monitoring services for organizations of all sizes, as well as for high-profile individuals. To conduct a thorough digital monitoring service, Fortalice conducts a social media and internet analysis, looks at public information, and leverages accessible tools to discover highly sensitive information. Also, Fortalice’s OSINT team continuously researches the latest industry direct and indirect threats to ensure we are providing industry best practices.
For additional information on Fortalice Solutions service offerings, contact the team via email at watchmen@fortalicesolutions.com.