What is a digital footprint?

What is a digital footprint?

A digital footprint, sometimes called a “digital shadow,” is the unique trail of data that a person or business creates while using the internet.

Nearly every online activity leaves a trace. Some traces are obvious, like a public social media post. Others are subtler, like the cookies that websites use to track visitors. Every trace a person or company leaves behind, taken together, forms their digital footprint.

While internet users and organizations both have digital footprints, they differ in meaningful ways. A person’s footprint consists of the personal data they directly and indirectly share. It includes online account activity, browsing history and the details that data brokers collect in the background.

An organization’s footprint is more complex. It consists of the company’s entire online presence, including all its public and private internet-facing assets, content and activity. Official websites, internet-connected devices and confidential databases are all part of a company’s footprint. Even employees’ actions—for example, sending emails from company accounts—add to an enterprise’s footprint.

This article focuses on organizational footprints. Organizational footprints are growing larger and more distributed, fueled by trends like the cloud boom and remote work. This growth comes with risks. Every app, device and user in a digital footprint is a target for cybercriminals. Hackers can break into company networks by exploiting vulnerabilities, hijacking accounts or tricking users. In response, cybersecurity teams are adopting tools that offer greater visibility into and control over the business’s footprint.

Think Newsletter

Would your team catch the next zero-day in time?

Join security leaders who rely on the Think Newsletter for curated news on AI, cybersecurity, data and automation. Learn fast from expert tutorials and explainers—delivered directly to your inbox. See the IBM Privacy Statement.

Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.

https://www.ibm.com/us-en/privacy

Types of digital footprints

Defining an enterprise digital footprint can be tricky because of the number of people and assets involved. The contours of a business’s footprint can change daily as new assets come online and employees use the internet to do routine tasks.

Different business units emphasize different aspects of the footprint. Marketers focus on a company’s public online presence and branded content. Security teams focus on the organization’s attack surface, which is the internet-connected assets that hackers might attack.

To better understand what an enterprise digital footprint can contain, it helps to break it down into an active digital footprint and a passive digital footprint.

Active digital footprint

A company’s active digital footprint consists of all the online activity, assets, and data it directly and intentionally controls. The active footprint contains things like:

  • The company’s public branded content, such as websites, social media accounts, blogs, ads and other media.

  • Apps and online services created and controlled by the organization, including client portals and customer accounts on these apps and services.

  • Any internet-facing hardware or software that employees use to conduct company business, such as email accounts, cloud apps, company-owned endpoints, and employee-owned devices used on the corporate network—within or outside of the organization’s bring your own device (BYOD) policy.

  • Data the company owns, including intellectual property, financial data and customer records.

Passive digital footprint

A company’s passive footprint consists of online activity, assets and data that are connected to the company but not under its direct control. Passive footprints include things like:

  • Vendor activity and assets connected to the company network, such as third-party software packages used in company apps or endpoints that service providers use on company systems.

  • Shadow IT assets, which include all apps and devices used on or connected to the company network without the IT department’s approval and oversight.

  • Orphaned IT assets that remain online even though the company no longer uses them. Examples include old accounts on social media platforms or obsolete software still installed on company laptops.

  • Online content produced about the company by people outside the company, such as news articles and customer reviews.

  • Malicious assets created or stolen by threat actors to target the company and harm its brand. Examples include a phishing website that impersonates the organization’s brand to deceive customers, or stolen data leaked on the dark web.

Security Intelligence | 10 December, episode 12

Your weekly news podcast for cybersecurity pros

Whether you're a builder, defender, business leader or simply want to stay secure in a connected world, you'll find timely updates and timeless principles in a lively, accessible format. New episodes on Wednesdays at 6am EST.
Watch the latest podcast episode

Personal footprints shape the enterprise footprint 

A company’s employees and customers have digital footprints of their own. The data trails they leave behind can form part of the business’s footprint.

Customers contribute to the company's digital footprint by interacting with the organization. This includes posting about the company on social media, writing reviews and sharing data with the business.

Customers can give data to the business directly, such as by filling out online forms to sign up for subscriptions or entering credit card numbers into online shopping portals. Customers can also contribute through indirect data collection, like when an app records a user’s IP address and geolocation data.

Employees contribute to the enterprise digital footprint whenever they use the company's online assets or act on behalf of the company on the internet. Examples include handling business data, surfing the web on a company laptop or acting as a company rep on LinkedIn.

Even employees’ personal footprints can affect the business. Employees can harm the business's brand by taking controversial stances on their personal social media accounts or sharing information they shouldn't share.

Why digital footprints matter

The size and contents of a company's digital footprint can affect its cybersecurity posture, online reputation and compliance status.

Cybersecurity

A company’s digital footprint can make it a target. Stockpiles of personal data catch the attention of hackers, who can make good money by launching ransomware attacks that hold this data hostage and threaten to sell it on the dark web.

Businesses can also anger hacktivists and nation-state hackers when they use online platforms to take stances on political topics.

The bigger an enterprise footprint is, the more exposed it is to cyberattacks. Every internet-connected device or app on the company network is a possible attack vector. Vendor assets and activity also open the organization to supply chain attacks.

Hackers can use employees’ personal footprints to breach the network. They can use the personal details people share on social media sites to craft highly targeted spear phishing and business email compromise scams. Even details that seem benign, like an employee’s phone number, can give hackers a foothold. And if employees practice poor password hygiene—for example, using the same password for multiple purposes or not changing passwords regularly—they make it easier for hackers to steal passwords and gain unauthorized access to the network.

Online reputation

A business’s public content, news coverage and customer reviews all contribute to its online reputation. If most of that content paints a positive picture of the brand, the company has a positive digital footprint. A positive footprint can drive new business, as many potential customers and clients research companies online before buying anything.

On the flip side, a negative footprint can drive business away. Critical news coverage, upset customers sharing their thoughts on social networking sites and low-quality company websites cause negative footprints.

Data breaches can also harm a company’s reputation. Customers trust the business to protect their online privacy when they share sensitive data. If that data is stolen, people may take their business elsewhere.

Regulatory compliance

The personal data a company collects from its customers and employees are part of its digital footprint. Much of this data may be subject to certain data privacy and industry-specific regulations. For example, any organization doing business with customers in the EU must comply with the General Data Protection Regulation, and healthcare providers and others who deal with patients' protected health information must comply with the Health Insurance Portability and Accountability Act (HIPAA).

Regulatory non-compliance can lead to legal action, fines and lost business. Newsmaking cases of non-compliance typically involve large-scale data breaches or cyberattacks. But an organization risks regulatory non-compliance anywhere on its digital footprint. For example, a hospital staffer posting a patient's photo or gossip about a patient on social media could constitute a HIPAA violation.

Protecting the enterprise digital footprint

While a business can't control every aspect of its digital footprint, it can take steps to stop malicious actors from using that footprint against it.

Tracking the public footprint

Some organizations track the public portions of their footprints by setting Google Alerts or other search engine notifications for the company's name. This allows the business to stay on top of news coverage, reviews and other content that can affect its online reputation.
Deploying security software

Attack surface management software can map, monitor and secure internet-facing assets like endpoints, apps and databases. Security information and event management (SIEM) solutions can catch abnormal and potentially malicious activity throughout the footprint. Endpoint detection and response solutions can protect the assets that hackers may target. Data loss prevention tools can stop data breaches in progress.

Virtual private networks can shield employees’ and users’ online activity from hackers, giving them one less vector into the network.
Training employees

Security awareness training can teach employees how to protect their digital identities for the benefit of themselves and their employer. Hackers have less information to work with when employees know to avoid oversharing and use strong privacy settings. Training can also focus on spotting phishing scams and using company assets appropriately to avoid exposing the network to malware or other threats.
Related solutions
Data security and protection solutions

Protect data across multiple environments, meet privacy regulations and simplify operational complexity.

         Explore data security solutions
    IBM Guardium

    Discover IBM Guardium, a family of data security software that protects sensitive on-premises and cloud data.

     

             Explore IBM Guardium
      Data security services

      IBM provides comprehensive data security services to protect enterprise data, applications and AI.

             Explore data security services
      Take the next step

      Protect your data across its lifecycle with IBM Guardium. Secure critical enterprise data from both current and emerging risks, wherever it lives.

             Explore IBM Guardium Book a live demo