The Weakest Link in Personally Identifiable Information

By Cathy Nolan

Most of you will be familiar with the famous line written by Walt Kelly for his comic strip “Pogo,” and reproduced many times, which states, “We have met the enemy and he is us.” When it comes to personal data security, we can definitely say we are our own worst enemy when we don’t follow the procedures for protecting our Personally Identifiable Information (PII). How many times have we read that the absolute best way of defeating hackers is to use different passwords for different online accounts and to change those passwords frequently? But how many of us actually do this? According to a recent survey, 60 percent of us admit to reusing passwords because it is too hard to remember them – and who could without writing them down? I counted up my accounts and I have 87, and that’s not unusual for those of us who work, travel, and have professional accounts.

As more data breaches occur, it is inevitable that one or more of your accounts will be hacked. If you have used the same password for all of your accounts, you have just given con artists an easy way to take over your identity. It doesn’t necessarily take a data breach for some unscrupulous person to get your information either. All it takes is for you to be lazy and hit “remember me” on your computer, or email a password to someone in your family who may not store it securely, or click on one of those links sent by an unknown person.

Hackers have readily available information for getting people to trust them. Facebook, eBay and other social networks tell them everything about us: our friends, our contacts, our family, where we go, and what we like. It doesn’t take a lot of sophistication to compile a pretty accurate profile of someone to make phishing attacks seem credible. Once a hacker gets into a system, it doesn’t take long for them to move laterally through a network, as we have seen time and time again.

Don’t be your own worst enemy. Think again about following the advice you have heard over and over but continually disregard.

  • Change your password to a “strong” password and/or turn on two-factor authentication whenever possible. Start with your internet services like Apple, Microsoft, Facebook, Twitter and any others you use daily.
  • Use a different password on every site. You may have to subscribe to a password manager if you have dozens of these, but it’s worth the money to avoid having your PII stolen.
  • Most of your phone apps are tracking you via GPS and you agreed to this when you downloaded them. Do you really need all of them? Get rid of anything you don’t use and activate Do Not Track in your browser settings.
  • Don’t ignore updates to your software because many are addressing newly discovered vulnerabilities. Confirm that your home security system, smart thermostat, and any other smart appliances have the latest software. You don’t want someone using your home monitoring system to spy on you.

Remember that sending out legitimate-looking emails to get your personal information is called “phishing” because you are the bait. Phishing is the second most common point of entry into company IT systems, and when someone has personal information about us, we are more likely to trust them. Banks and other organizations are spending millions of dollars to educate their employees, but when you have 100,000+ employees, as some companies do, it’s virtually impossible to secure all computers.

Verizon reports that just sending 10 phishing emails yields a 90% chance that at least one person will open an attachment. So while the no-brainer solution seems to be to teach people to be more alert to what comes into their inbox, this has proved to be very difficult – if not impossible. The consequence, and the solution, is that we will have to live with more email filtering from our companies and with IT building more firewalls that prevent us from making the mistake of trusting and opening whatever comes our way. Look for more security from your company in the near future, but embrace it as a way to prevent your Personally Identifiable Information, and that of others, from being stolen and sold on the open market by hackers.