It’s becoming a common headline: “Criminals steal (insert alarming number here) personal records from (insert major organization here)”. We hear about it over and over and over and over and over again. In fact, it’s so common that the market for personal information is collapsing due to the abundance a healthcare records for sale on the dark web.
Clearly, our personally identifiable information, known as PII, is the top target for cybercriminals. In fact, according to research conducted by Javelin, nearly 16.7 million records were exposed last year in the United States alone. There’s big money in PII, and everyone—even your five-year-old—is a target.
What Is PII?
Personally identifiable information is any data that can be used to specifically identify an individual:
To clarify, here are somethings that are not considered PII:
- First or last name (if common, like John Smith)
- Country, state or city of residence
- Gender or race
- Name of school or workplace
- Business telephone numbers
- Badge numbers
Why Do Cybercriminals Want My PII?
Back in the day, thieves would dig through dumpsters of major retail stores hoping to find carbon copies of receipts that contained credit card numbers (they still do). Then, as technology evolved, bad guys invented card skimmers to steal the numbers from ATM machines (they still do this, too). But guess what? Your medical information is worth way more than your banking information.
Pardon me? Cybercriminals would rather have my medical information rather than my credit card? Truthfully, they would love to have both. But consider this: every day we create 2.5 Quintilian bytes of data; enough to fill 10 million Blu-ray discs. A lot of that data is personally identifiable information and it has more value than ever before.
Think about it. If someone has your personally identifiable information, they can pretend to be you. Health records give cybercriminals so much information about you that they can open credit card accounts on your behalf. They can take out a mortgage or use your medical info to file fake claims with insurers. Your information is a key that unlocks a very profitable door.
That’s why it is so critical for us all to know what information should be kept private. At work, if you handle customers’ PII, know and follow company policy to protect the confidentially of private data. At home, mind where you store PII and what you share. Stay vigilant and aware of potential threats. Monitor your on-line life, from medical to financial, from government to eBay. What you share online can, and will, be used against you. Never forget that it takes just one click to compromise your sensitive data.
How Do I Protect Myself and My Family?
Make no mistake about it, you are a target. So are your children. In fact, a study conducted by Carnegie Mellon University’s CyLab that included more than 40,000 children in the United States showed that 10.2 percent of them have had their Social Security number used by someone else. That rate is 51 times higher than adults. But we can protect ourselves and our families by following a few easy steps.
Top 5 Steps to Preventing ID Theft
- Share with care. Don’t respond to requests for personal information, such as your full name, birthdate, address or anything that might be useful for criminals. Regardless if the request comes via mail, phone or online, remain skeptical and keep your information private.
- Use strong passwords. We can’t emphasize this enough. Strong passwords are your best defense mechanism. And not just for your bank or credit card accounts; we need strong, unique passwords for EVERY account. Even your junk email account. Your front-door security is only as strong as your weakest password.
- Buy a shredder. Documents that contain sensitive information need to be properly disposed of. Shredding them is the best way prevent criminals from using a technique known as dumpster diving. Dumpster divers dig through your trash hoping to find bank statements, old credit cards, voided checks, etc. Don’t just dump; destroy.
- Keep tabs on your credit report. You should check your credit report at least once a month. If you notice major fluctuations in your credit score, or see queries that you didn’t authorize, contact the fraud department immediately. Consider joining an on-line Identity Theft Protection service.
- Trust but verify. When you’re online; whether applying for a credit card, a loan, or any service that requires personally identifiable information, verify that the site you are logged into is legitimate. Do your homework. Check the site’s reputation and consider installing a web-reputation plug-in in your browser. Look for the ‘https’ symbol in the Address Bar (it indicates that you have secure connection). If you’re unsure, close the window immediately.
Bottom Line: Protecting you and your family’s identity is up to you! You must be proactive and aware at all times. For more information about ID theft, these resources are invaluable: ID Theft Center, Pixel Privacy’s Online Identity Theft Guide
Latest posts by Justin Bonnema (see all)
- Incident Response: Time Is Not On Your Side - April 1, 2019
- 5 Traits of Security Aware Parents - March 14, 2019
- Bad Habits of Senior Managers That Put Security of Organizations at Risk - March 1, 2019