Keeping Your Personal Data Safe – Is It Impossible?

Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals.  The likelihood is that this has already happened to you, and if not, it will happen eventually.  And if it has happened, it will probably happen again.  Why is this?

Even if you never click on a phishing email, use a password manager to create and store long, randomly generated passwords, and couple this with two-factor authentication, your data is still at risk. The reason is that in most cases, the cyber-attackers are not getting the information directly from you, but are stealing it from servers where your information is stored with the information of thousands or millions of other people. This is because the companies that we have entrusted with this information are not doing a very good job of securing it. In all too many cases the information is not encrypted. Even passwords are occasionally found to be stored in plain text, or hashed using weak, easy-to-crack methods such as MD5 or SHA-1.

There is no way for us, as individuals, to protect ourselves from these sorts of security breaches. The best way to protect your personal information is to identify what information is the most important. Here are some categories that we believe are important to protect:

  • Personal data that could help criminals target us in the virtual and the physical world.
  • Financial information such as bank, investment, and retirement accounts.
  • Important personal information including medical records, income records, and tax filings.
  • Professional information that affects how well we can earn an income, deliver goods or services, or interact with customers and co-workers.
  • Information about our social reputation that impacts how we interact with family, friends, coworkers, and others.

Over the next five posts, we will look at ways to protect yourself and, more importantly, detect and recover from the loss of personal information to cyber-criminals.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
