Keeping Your Personal Information Secure

Certain personal records are a gold mine for cyber-criminals and identity thieves.  Highly targeted personal information include your medical records, tax information, social security number, driver’s license, and even odd bits such as utility bills, and retail or airline loyalty rewards points.  Any of this information can be sold on the Dark Web, or used directly to get free health care, false tax refunds, merchandise, or airline tickets.

The first thing you can do to protect yourself from this sort of data loss is don’t create the information in the first place.  When filling out web forms, only fill in the mandatory fields.  Another good tip is to destroy old information that has no useful purpose or is outdated.  If it is deleted, it cannot be stolen, either.  Do not become an information hoarder.

  • If you find you cannot file taxes because they have already been filed, your tax refund has probably been stolen.  File your taxes as early as possible, to beat possible tax refund fraudsters and identity thieves to the punch.
    • See if you can qualify for an IRS IP PIN.  An IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns.  This will prevent new tax fraud.  Unfortunately, to get one, you have to be a victim first.
    • We have seen an up-tick in spear-phishing campaigns where emails originate from compromised emails accounts of company officers.  The target is these campaigns are the HR department.  The requested information are the W-2 records of the employees.  This is used by tax fraudsters to file for multiple refunds.  If you work in Human Resources, you need to be looking for this type of attack.
  • Medical records are protected by your medical providers, under HIPAA regulations.  Hopefully, this is enough, because there is not much more that we can do as individuals.
  • Do not carry your Social Security card, or share your Social Security Number unnecessarily.
  • Utility bills are sometimes used to prove residency or in place of formal identity cards like a Driver’s License.  Use a shredder on any bills or documents that contain personal information before disposal.
  • You might want to keep an eye on any loyalty programs your are enrolled in.  These points have become a popular target for thieves, too.

In our next post, we will discuss the importance of protecting your professional information.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.