Lisa Gansky
Lisa is a security researcher and writer in New York City, serving at the Head of Digital Governance at The Media Trust.

Digital Governance 101: Evicting Exfiltrators

There’s a spot on the garage floor right underneath your parked car’s engine… and it’s growing. Your car has a leak—but what is it? Oil? Coolant? Brake fluid? A combination of all three?

You need help finding the issue before it grows worse or dangerous. So you take your car in for regular maintenance—newer cars even have computers that monitor systems, alert you to mechanical issues, and even offer recommendations.

Your digital properties—websites and apps—are very similar: they need constant monitoring and regular maintenance as you swap in or out various partners. You need a lot of third-party companies (call ‘em vendors, if you will) to offer consumers a superb experience, and to facilitate marketing and selling efforts.

But vendor code expands your digital attack surface. Vendor code that isn’t properly managed is a conduit to unwanted activity where bad actors introduce malware and consumer data starts leaking out. At a moment where this data might be the most valuable substance online, you can’t afford to let them slip away… potentially into the hands of your competitors.

Exfiltration Exploits

The online ecosystem has a long history of shady companies worming their way onto properties, quietly scraping data, and then reselling them for ad targeting or other purposes. The fancy name for this is data exfiltration—unauthorized data transfer from a consumer device by a third party.

Consumer data garnered from your properties is and should be a competitive advantage. Giving exfiltrators the opportunity to exploit your sites and apps wipes away that advantage, potentially handing conversions to your competitors. Rather than an oil leak, exfiltration is like strangers siphoning gas from out of your car’s tank.

This kind of data theft most definitely violates consumers as well. When a consumer agrees to be tracked or cookied on your properties, they are making that agreement with you and your authorized partner

So not only is it a good business practice to ward off exfiltrators with tight vendor and third-party code management, it’s also a service that you owe users of your sites and apps.

Preventive Measures

Despite the labyrinthine nature of code on contemporary sites and apps, keeping your vendors and third-party code in check is straightforward. But it requires diligence, which is always tough. Fortunately, service providers can help you keep vigil on these tasks.

Monitor for Vendor Violations. Monitoring all the code—source and third-party—running on your properties is more complex than it seems. You can’t rely on test and controlled environments to give you an accurate reading of what consumers are experiencing. Code will respond differently to various device and browser configurations, and you could miss a vulnerability. You have to see what’s going on in the wild—that requires a solution employing continuous property scanning with countless device, browser, and data profile combinations.

In addition to shielding you from data exfiltration, continuous scanning also highlights emerging malware attacks, protecting customers from payment information theft and your organization against unwanted exposure of company data and brand. It’s not just PII that needs to be kept safe—if a customer discovers they got malware on their laptop via your site, they’re probably not going to remain a customer much longer.

Limit Third-Party Code on Sensitive Pages. Social media companies are fantastic strategic partners for marketing efforts. Brands need these platforms to reach certain demographics and age groups—some of them are so popular, nearly everyone has an account.

But every social media company is in the business of selling data—and they will collect wherever they are integrated. To keep your properties secure, keep social media and all other data-selling third-party vendors data off payment pages. Due to the sensitive data therein, you’ll protect your brand and your customers—not just from harm, but also from companies that may exfiltrate and repackage your customer data potentially to sell to competitors.

Be Discerning About Third-Party Code on Page. Yeah, third-party and vendor code are super useful and necessary tools, but that doesn’t mean you need code from everyone and their grandmother on your properties (no matter what marketing says!). Less third-party code means a smaller, more manageable digital attack surface.

It’s best to be choosy—have a process established for determining the value a vendor’s code brings to your properties versus the risk of leakage or exfiltration. These should be cross-departmental conversations, so it’s best to have a task force set up specifically for this purpose.

Just as important—you need a process and a task overseer for off-boarding vendor code when a relationship ends. Parting can be sweet sorrow, but it will be even sadder if your ex-partner remains in your digital environment so they can continue collecting and repackaging your data for your competitors.

No Crumb Left Behind

To pause from the car analogies for a paragraph, managing digital properties sometimes resembles watching after a toddler. You know they’re pretty messy when they eat—would you ever skip sweeping up after they’ve demolished their supper? Nope! That’s like rolling out a doormat for mice.

So keep those crumbs of customer data safe and sound, and make sure you’re not making it too easy for the incestuous AdTech world to scrounge and peddle all that valuable data to others. Key to securing your properties is continuous monitoring of vendor activity, keeping only highly necessary third-party code on sensitive pages like payments, and being super selective about the vendor code you allow on your properties.

Read the previous post on securing digital properties here. Next up: Regulatory and privacy compliance.