The concept of “identity” encompasses a variety of data known as personal identifiable information (PII). PII may include direct or sensitive identifiers such as a full name, Social Security Number (SSN), driver’s license, mailing address, credit card information, passport information and medical records.
Advances in technology and the IoT (Internet of things) have changed the way individuals and businesses operate, and the list of sensitive information that comprises your identity has expanded to include computer usernames and passwords, webpages and blogs, IP and email addresses, PIN numbers, and more.
Identity theft is a highly profitable business, and anyone can fall victim. Identity fraud reached an all-time high in 2017, with 174,523 cases, according to the UK’s leading fraud prevention service. Identity-theft-related crimes have also skyrocketed in the U.S., with more than 14 million victims, according to a 2018 study.
Obtaining someone else’s PII is easy for cyber criminals who use a number of nefarious tools to trick their victims. The pieces of your identity are modern-day currency for cybercriminals, and as the world grows more digitalized, the harder it is for you protect your data.
When it comes to preventing identity theft, there are things that you can control and others you cannot.
Things you can control
- Educating yourself on phishing – It’s best to keep a lookout for fake messages and websites. Phishing is identity thieves’ most popular tool. Some of the most famous phishing attacks pose as messages from online retailers or services, government agencies, financial institutions or social networks.
- Updating your software regularly – An up-to-date system can protect your from any vulnerabilities that can be exploited. Make sure that your devices and applications are running the latest available patches.
- Using a security solution on your devices – Adding security to your devices can really make a difference. Security solutions monitor, detect and block any cyber-threats deployed by criminals such as malware and spyware tools. It can also keep you away from phishing or fraudulent websites aimed at collecting PII or financial data.
- The right to be forgotten – The passage of data protection laws has created guidelines for companies that gather, store and share your personal information. The General Data Protection Regulation (GDPR) legislation in Europe gives individuals the right to know what data is stored on them and how it is stored, as well as who manages it. They can also ask that their personal data be deleted from company databases. Similar legislation was adopted by the state of California, and countries such as Brazil, Australia, Japan and Thailand.
- Restricting access to your PII on social media – You can also impede attackers by minimizing your digital footprint and limiting the amount of information you publicly provide on online platforms.
- Using strong and unique passwords – Always use lengthy and different passwords or passphrases for each account, and avoid recycling passwords. Should passwords from one account appear in a data leak or data breach scenario, criminals will not be able to access additional platforms by using your credentials, a process known as credential stuffing.
- Activate multiple-factor authentication – This authentication mechanism will double check that your identity is legitimate before signing into an account, adding a second layer of security. Authentication factors can include a password, a PIN code, the answer to a secret question, a token, a SMS, voice recognition, a fingerprint or an authentication app.
- Avoid accessing online banking from shared or public computers – Public computers may lack security and are openly accessed by anyone. Don’t access sensitive data or make any transactions on unmonitored devices.
- Stop sharing email accounts and passwords – Sharing passwords with others can easily lead to your accounts being compromised.
- Pay attention to online shopping and the links you access – Online shopping websites can also give fraudsters a convenient way to steal your data. Only shop from known and trusted websites. A good idea is to also use a separate card for online shopping and make sure the connection is encrypted by looking at the address bar, which should read https instead of http.
Things you can’t control
Data breaches take place when private information is illegally accessed in a cyberattack on a service provider or organization. Online records are exposed every day, and some breaches can have devastating effects.
Businesses gather and use overwhelming amounts of customer information to improve their services and marketing campaigns. The exposed data may include your email address, account password, credit card number, Social Security number or other sensitive and PII data.
Almost 10 billion records are estimated to have been exposed through data breaches. More recent breaches include Facebook, with 267 million users exposed, T-Mobile’s 1 million users and the notorious Elasticsearch server containing 1.2 billion personal records. The information can be used in many invasive ways to conduct identity theft and other related crimes.
Recovery from identity theft is challenging and time consuming for affected individuals. Safeguarding your personal information from the prying eyes of cyber criminals is mandatory.