Proactive VS Reactive Identity Management. What is it, and why is it important to know the difference? Ideally all security management could be proactive instead of reactive. Identity management is the same. Data brokers collect your information and sell it online. The bigger your digital footprint, or attack surface, the more accessible your information is to data brokers and the more vulnerable you are. We’re going to go over what data brokers do, what makes up your digital footprint, how to be proactive, and give you some options to help moving forwards! Let’s get into it.
What is a data broker?
Your private information is all online. Usually behind secure passwords, sometimes companies called data brokers gain access to and sell your sensitive data. Also known as information product companies, these data brokers analyze your data and license it out to other companies. These companies can use this information for anything from marketing to phishing scams and hacking.
What data do they gather?
Data brokers gather different data from different sources. Some data seems innocent like your interests, demographics, and products you like or use. Companies having this information may only use it for targeted marketing, however, brokers can collect personal details and sensitive information as well.
Examples of private data that brokers collect:
- Full name
- Gender
- Birth date
- Contact info such as phone number and email addresses
- Home address and past addresses
- Marital status and size of your family
- SSN
- Education level
- Assets
- Career
- Spending habits
- Criminal record
- Political preferences/beliefs
- Medical history
Where do they get your data?
Data brokers can get your information from online and offline sources.
- Public sources: Some personal information is available to the public like voter registration, criminal record, and birth certificates.
- Search history: Using web scraping tools, data brokers can track content you’re interested in, what demographics you fall into, social media apps and websites you use, the content you like on those apps, and simple internet searches.
- Online agreements: When signing up for new services online, you often have to sign an agreement. Most agreements disclose that the company can collect and sell your personal information.
- Purchase history: When purchasing things online, data brokers can track what products you purchased and how you paid for them.
Who do they sell to?
After collecting your information from multiple different sources, data brokers create a profile with all of your information, private or not. They then sell your profile to buyers that can include marketers, insurance companies, and others. Many businesses (including scammers) purchase your information including:
-
- Tech companies
- Insurance companies
- Marketing agencies
- Law enforcement
- Banks
- Political agencies
- Other sales businesses
- Spammers and scammers
What is your attack surface?
Your digital attack surface is the number of attack points from which unauthorized users can attempt to extract your data, such as servers, applications, and websites. Your physical attack surface that attackers can gain physical access to, such as your computers, hard drives, and phones. This includes discarded hardware with your data still attached, passwords written on paper, and a physical break-in.The bigger the attack surface, the more vulnerable you are to attack. Minimizing your attack surface reduces your business’ risk of cyberattack.
What increases vulnerability?
We will get into how to decrease your digital footprint, however, there are factors that can lead to increased attack surface and vulnerability, including:
- Migrating to cloud platforms and other digital transformations
- Adding new hardware and software systems
- An increase in number of remote employees and hardware
- An increase in endpoints for web applications
- New ports for communication with third-party services in your firewall
- Business expansion such as new branches or data centers
- Using outdated software, insecure code, or unpatched vulnerabilities
Proactive vs Reactive Identity Management
What is Reactive Identity Management?
Using a reactive strategy towards identity protection and your digital footprint essentially means you are only taking action after a data breach occurs. Your team is focused on clean-up, damage control, and restoration.
What is Proactive Identity Management
Using a proactive strategy towards identity management is intended to anticipate data breaches and take action before they occur. While Proactive Identity Management is action taken when no bad actors have made an attack on your business, taking the time can help minimize potential damage in the future.
How to be proactive?
In proactive vs reactive identity management, being proactive means being aware of and protecting your digital footprint. We know that the larger your digital footprint, the more footholds scammers have to reach you. Deleting old accounts can help minimize your digital footprint. Have awareness of the kinds of websites you are using. Are they reliable? Do the reviews make the website sound trustworthy? In addition to this, you should ensure that you use strong passwords for your online accounts. Longer passwords with a combination of numbers, letters, and special characters can help manage your online identity. Using different passwords for different sites and services is also recommended. While this may sound inconvenient, a strong password manager can help. Keeping private data private when using public Wi-Fi is important, as well as avoiding oversharing on social media. You can even use a VPN to be even safer.
What else can you do?
Besides these other proactive measures, there are cybersecurity technologies that can help your business mitigate potential risks. Sites like pentester.com and joindeleteme.com are tools that can help you monitor your digital footprint and mitigate risk to your online identity. These sites, unlike credit monitoring sites, can submit formal opt-out requests on your behalf to prevent data brokers like Equifax, Experian, and TransUnion (others include Acxiom LLC, CoreLogic, PeekYou, and Datalogix) from selling your data. They can review your leaked passwords to make sure it is changed, not used anywhere else, and alert you of other possible data leaks across the internet. By monitoring your exposure on the internet with proactive identity management, you can keep you and your business safe. If you have questions or feel you need improved support, give us a shout to take control of your online presence!
