
I recently was reminded very personally about another frequently overlooked aspect of Information Security: do not forget to properly remove and shutdown assets or technology that you no longer use.
Prior to working in cybersecurity, I had created a technology start up. Not one to let things go, I had held on to the domain longer than I should have out of a hope of possibly one day trying it over again. Although I had finally parted ways with that domain, I had not taken the necessary steps to remove the related email addresses from other tools or services I had used. Not performing a proper cleanup of those now dormant accounts allowed a malicious actor to purchase the old domain, stand up an email server and begin a series of requests for password resets.
Ultimately the greatest loss in my case was social media accounts that were shut down and now appear to be irretrievable. The malicious actor quickly violated the controls of the social media companies, and the accounts were taken down before I or my family suffered any negative consequences of those actions. Regaining the trust of friends and family who may have seen a fake post would not be an easy task even though we all understand these things can happen.
I should have maintained an accounting of where these accounts had access, been sure to remove any legacy accounts and even possibly considered keeping the domain registered to me in perpetuity.
This experience has taught me the importance of a thorough and proactive approach to technology cleanup. It’s not just about deleting files or unsubscribing from services; it’s about understanding the potential risks and taking comprehensive steps to mitigate them. Regular audits of your digital footprint, including domains, email addresses, and associated accounts, can help identify vulnerabilities before they are exploited. Ensuring that all access points are secured or properly decommissioned is crucial in protecting your personal and professional reputation.
In conclusion, the lesson here is clear: never underestimate the importance of cleaning up after yourself and your business in the digital world. Whether it’s a domain you no longer use, an old email address, or dormant social media accounts, taking the time to properly manage and secure these assets can save you from significant headaches and potential security breaches. By staying vigilant and proactive, you can safeguard your digital presence and maintain the trust and integrity you’ve worked hard to build.