Introduction
PII. You’ve probably heard your I.T. department mention it before…or hopefully it sounds familiar from your regular security awareness training. Annual refreshers and updates to your existing cybersecurity knowledge is really the best way to keep your network safe on a day-to-day basis. With that comes the protection of all the data you have on there, including PII.
How much do you really know about this important term, and keeping it secure on a daily basis?
From what it stands for to how to protect it, this is your crash course on PII.
What Is PII?
PII stands for personal identifiable information and encompasses data that can be tied back to who you are, specifically. Things like your name, home address, phone number and Social Security number are all different types of PII. All PII, regardless of how easy it is to tie back to you, must be protected. Cybercriminals will “stalk” your profiles or scour the Internet to find out who you are and what accounts you hold. The more they know about you, the more effectively they can construct social engineering attacks that guide you into their trap.
Whether the data indirectly or directly indicates who you are, if it can be linked back to your identity, it qualifies as PII. It is considered confidential, protected data and those you manage it must do their best to safeguard it in storage and transit alike. This may sound intuitive, but classifying it as protected information allows the government to construct best practices and audit systems to guarantee your data’s safety, as well as punishment for violations.
Threats Against PII
How and why do cybercriminals go after your personal identifiable information?
- PII is also the most expensive data that can be compromised in a breach, as the hacker could sell it, break into and buy goods off of your accounts, and even extort the victim directly
- PII is the most commonly compromised kind of data, encompassing 44% of cyberattacks
- Criminals can sell your private information for hundreds of dollars on the Dark Web, selling for an average of about $200 per record
- In 2021, breaches that compromised credentials cost a total of over $4M
Cybercriminals will often go directly after a master vault of PII, like using a company’s sales database against them; this is why it’s important to use different credentials across all of your various accounts. The loss or compromise of one password shouldn’t mean the destruction of your entire online presence.
Protecting PII
Sometimes, it’s not as easy to hide PII from unauthorized access as it sounds. Hackers make their fortune by learning to breeze past your bare-minimal security measures and get into the accounts that really matter. That’s why equipping all of your Internet-connected devices with auto-scanners and firewalls helps detect unusual network activity so you can take more immediate action against the intruder.
Two-factor authentication requires you to verify your identity through some unconnected means, so even a hacker with your password wouldn’t be able to seize your accounts. Instead, you’ll get an alert about an attempted breach and know right away that something isn’t right.
Furthermore, there are regulations in place to standardize the protection of private information like this. Product designers are usually required to bake in some kind of protective software. Meanwhile, when you’re handling data at work (and especially remotely if you work from home), extra precautions must be taken. These requirements will vary depending on the industry you work in; for example, HIPAA covers data compliance for those who work in healthcare, but if you’re a government contractor then you probably need to know more about handling controlled unclassified information (CUI).
This all sounds confusing, which is why you should choose information security services that you know meet all of your compliances. Choosing an MSP to best protect your data means familiarizing yourself with which ones offer the compliance certifications that you need to stay successful and secure in your day-to-day life. If you can’t trust the people handling your data, why not go with an MSP that can?
Conclusion
Remember what they said when the Internet first came out? Don’t tell anyone your real name!
We’ve come a long way since that advice ruled the day. Now we post pictures with our geo-locations on them, let cookies track our progress around the web, set up social media dedicated to relaying our schedules to the world, wire our homes with bluetooth and have location services on in our pockets all the time. All of this makes it easy for us to go about our day, but it also simplifies a hacker’s job. The Internet stalker can simply sit, watch you go about your day online, and have detailed logs of every keystroke delivered right to their own machine.
Your personal identifiable information should be your most safely guarded data out there. It can be weaponized against you directly, sold to a spammer or used to extort money from you directly. If gathered PII helps the threat actor narrow in on your real-life location, that creates even more potential dangers.
Keep your private data secure, whether you’re communicating it online or have the files safely in storage. Education and vigilance is the best way to stay cyber-secure every day!
References
