We live in a new digital age in which both our personal and work lives are becoming increasingly dependent on our computers. Things we once did in traditional ways, such as banking, taxes, and mail, we now do virtually through our phones and computers. This is a great convenience in our daily lives, but it is not without risk. It is of the utmost importance that all users learn these risks and know how best to safeguard against them.
As we load more of our personal information onto our internet-connected devices, we risk that information being stolen in a data breach. A breach occurs when it is suspected that users’ personally identifiable information (PII) has been stolen, lost, or leaked to non-authorized individuals. The US Army defines PII, both digital and physical, as any information that can be used to identify a person. Examples of PII include, but are not limited to, names, addresses, phone numbers, credit card numbers, personal identification numbers (social security, driver’s license, etc.), and personal images. After a breach, it is common for the stolen information to be bought and sold through underground marketplaces, and users face possible damages such as identity theft, credit card theft, or fraud.
An important step in safeguarding personal data is reviewing where the data is stored and making sure that environment is secure. When storing, processing, or sending PII, the focus should be on limiting the potential for any information to leak. One simple and easy way to start is to create a strong password for every account that allows access to sensitive information. Within an organization, personally owned computers should not be used to access, save, or store PII unless users are accessing it via Remote Desktop Services. When PII must be emailed, it is important that it be sent in an encrypted attachment, with the password provided separately (e.g., in person or over the phone). Taking these few steps when handling PII will greatly reduce the risk of PII reaching the eyes of a non-authorized individual.
As a final point, the protection of PII should be of the utmost importance for both businesses and individuals. When a person entrusts a business with their personal information, it is the responsibility of the business to keep that information safe from any unauthorized individuals. Likewise, individuals should always be vigilant when handling their sensitive information. Utilizing the best practices for protecting PII stated earlier in this article goes a long way in protecting not only oneself, but the reputation of the business as well. Hackers are becoming increasingly creative in the ways they obtain individuals’ information, so creating strong passwords, storing data properly, and utilizing encryption tools all go a long way in safeguarding PII.
US Army Records Management Directorate. (n.d.). Personally Identifiable Information (PII). U.S RMD/ADD. https://www.rmda.army.mil/privacy/PII/PII.html
United States Department of Homeland Security. (n.d.). Handbook for safeguarding sensitive personally identifiable information. U.S. DHS. https://www.dhs.gov/