DHS NCCIC Report on Assessing Risks of Your Digital Footprint
To facilitate efficiency and effectiveness on a global scale, massive amounts of data are stored and processed in systems comprised of hardware and software. Each digital transaction or interaction we make creates a digital footprint of our lives. Too often, we don’t take the time to assess not only the size of our digital footprint, but what risks are involved in some of the choices we make. Our data lives in our social media profiles, mobile devices, payment accounts, health records, and employer databases among other places. The loss or compromise of that data can result in an array of impacts from identity theft to financial penalties, fines, and even consumer loyalty and confidence. This results in both a shared risk and therefore shared responsibility for individuals, businesses, organizations and governments. The following product is intended to facilitate awareness of one’s digital footprint as well as offer suggestions for a unified approach to securing that data. This is not an all-encompassing product, but rather offers discussion points for all that hold a stake in the security of our data.
Digital Footprint: Assuming Risk
The rapid growth of new technologies continues to make accessing information and resources faster and easier. Though increases in convenience and efficiency are often obvious, it is important to be aware that the interactions between a user and the internet become a part of the user’s digital footprint. A digital footprint, often classified as active or passive, refers to the traces left by a person’s activity in the digital environment. Active footprints are those created when an individual intentionally releases information. Examples include posting information or images to social media sites like LinkedIn, Facebook and Twitter. Alternately, a passive footprint is one that is created when data related to an individual is collected without that individual actively or intentionally sharing the information. Examples include the public posting of court records, marketing sale of home addresses, collection of web-browsing habits, and even through comments or pictures posted by others to social media. While there are methods that can be used to limit or reduce an individual’s digital footprint, there is no practice that can be used to delete it altogether.
A digital footprint is useful in some instances, such as the convenience of linking certain web accounts for online payments or allowing a site to ‘remember you’ which avoids entering user names each time someone wishes to log in. However, a digital footprint is also valuable to parties interested in monitoring their website traffic or for use in targeted advertising. During the course of normal web-browsing an end-user may notice that the advertisements being displayed align closely to items they have recently searched for or purchased. There are several methods by which end-user information is collected to specifically target advertising; some include:
Third Party Cookies – Cookies are small data files that are placed on an end user’s computer after visiting a website. First party cookies are from the actual entity that owns the website, which allows them to recognize your browser/computer when you return to their site. Third party cookies, however, may belong to ad agencies associated with the visited website. Ad agencies pay websites to allow them to place their cookies on the end-users system as they collect data on a user to form a record of browsing habits, computer settings, preferences and so on. This information is often used for targeted advertising.
Search Engine Marketing – Most commonly used search engines analyze users search terms to determine which advertisements will populate within search results and which will appear in the paid space. Information and ads that have been paid to populate for specific end users will generally appear in the page margins.
Past Purchases – Purchases made both online and in brick and mortar stores often result in collected information such as zip code and regularly purchased items. This information is then used to suggest products for your next purchase or offer coupons for items similar to those you have purchased in the past.
Profile information – Information that users include as part of a social media profile may be used by ad agencies to display targeted ads.