OSINT (Open Source Intelligence) is the analysis of publicly available information to derive useful elements for a specific purpose... such as carrying out targeted cyberattacks!
This is because cybercriminals use OSINT to harvest public or semi-public data on organizations and their employees, then cross-reference and exploit it to uncover corporate security vulnerabilities.
Think, for example, of attackers who can find:
Let's be clear from the outset that OSINT isn't all bad news. In fact, it's also a set of techniques used by "nice" (white hat) hackers and law enforcement agencies to solve investigations.
OSINT uses, among others, textual and visual elements to collect data. As a result, this information can be disseminated and accessed if your employees:
- Work in public places without using screen filters (trains, planes, airports, cafés, etc.).
- Leave devices unattended, locked or unlocked, in these public places (true: I've seen someone leave a train carriage with his phone unlocked on his table).
- Share images on personal and professional social networks without blurring the screen: photos where you can see on the screen that MS Teams is open, photos of projects, business trips...
- Use their personal devices for professional purposes, even if you provide them with professional terminals: they connect to e-mail, calendar, the cloud, create WhatsApp groups between colleagues, etc.
- Connect to unprotected, unsecured WiFi networks (trains, airports, cafés, hotels), exposing your business to man-in-the-middle attacks.
As you can see, the human factor plays a central role in OSINT and IT security breaches, on several levels. So there are a few reflexes to acquire or actions to put in place in order to frame this
Here are bconnex's recommendations for improving these aspects of your cybersecurity:
- Make your employees aware of the dangers of OSINT and the information they share online... even unconsciously!
- Provide devices equipped with screen filters (laptops, smartphones, tablets, etc.).
- Provide VPN software for any connection to public WiFi or home WiFi for telecommuting (because yes, the box at home isn't very secure either).
- Implement robust strategies for device provision and management (BYOD, CYOD, COBO, COPE, etc.).
To take the subject further, here are three other resources we suggest
Remember: cybersecurity isn't just about technology, it's also about human behavior.
As IT professionals (CIOs, CISOs, IT asset or mobile fleet managers, etc.), it is our duty to combine the right tools with secure practices on a daily basis so that every employee becomes a player in the protection of our companies' data.
Read also the article: "Cybersecurity culture: the central role of the employee".
bconnex helps you audit your current level of protection and set up an incident response plan.
bconnex is also the first Lookout partner in France to become an MSP, offering managed services for your mobile fleet.