The Sins of the Past

In Dickens's A Christmas Carol we are given one of the greatest metaphors of all time. When Scrooge is visited by the ghost of his old business partner, Jacob Marley, he finds that ghost trailing all things that Marley's greed goaded him into possessing: money boxes, transaction ledgers, pad locks and even heavy deeds. When Scrooge asks Marley where the chain came from, Marley's answer is chilling:

I wear the chain I forged in life. I made it link by link, and yard by yard; I girded it on of my own free will.

Believe it or not, this sprang to mind last week when I learned that current FBI directory Kash Patel had some of his personal emails leaked by enemies of the state. Iranians? Russians masquerading as Iranians? Iranians with Russian help? Who knows.

The point is not specifically who did it. The point is not the rather banal and inane content. The point is not that the content was from a while ago. The point is that we all wear the digital chains we forge in life. We make them account by account, and app by app; we gird it on of our own free will.

It is likely that Patel's old email was penetrated a while ago and that the perpetrators chose now to leak that content because we are at war. Or major military action. Or excursion. Or whatever the current administration wants to call it. Wartime has different rules, as I have written about before. Enemies of the state have different motivations than criminals do.

In addition to reminding me that wartime is different this incident also reminds me that our digital footprint can last, especially if we are the kind of people other people will likely care about. Patel started his career in the national security sphere in 2012, at which point he would have started being on some rather unenviable lists. This meant that his digital footprint would be scrutinized, attacked and preserved.

I have no idea what Patel's personal cybersecurity hygiene is like, but he serves as a great example all the same: simply abandoning an old account or forgetting about an app doesn't do anything to protect you. You have to take action to clean up your bread crumbs and you old digital messes. You have to secure or delete old accounts and scrub all that old data.

The same is true of your professional life, but hopefully your employers provide you with protection from a cybersecurity program. And hopefully that cybersecurity program makes this a priority. And of course you never re-use passwords or cross that boundary by doing work in the personal sphere, right?

The same is also true of "service accounts" which are created so that work can get done. You don't just abandon those, or assume that whoever has that job now is doing whatever with those accounts, do you?

Beware the joy of moving on and leaving it all behind. To paraphrase the great William Faulkner, unless you make it so, your past accounts aren't dead. They're not even inactive.

Unforging the chain of digital detritus is hard but that assumes that your cybersecurity program is even trying to do this. Getting your priorities is hard. We can help. Ask us how.