Believe it or not, two out of three people in the United States have had their personal information stolen by cyber-criminals. The likelihood is that this has already happened to you, and if not, it will happen eventually. And if it has happened, it will probably happen again. Why is this?
Even if you never click on a phishing email, use a password manager to create and store longer, randomly generated passwords, and couple this with two-factor authentication, your data is still at risk. The reason is that in most cases, the cyber-attackers are not getting the information directly from you, but are stealing it from servers where your information is stored with the information of thousands or millions of other people. This is because the companies that we have entrusted with this information are not doing a very good job of securing it. In all too many cases the information is not encrypted. Even passwords are occasionally found to be stored in plain text, or hashed using weak, easy-to-crack methods such as MD5 or SHA-1.
There is no way for us, as individuals, to protect ourselves from these sorts of security breaches. The best way to protect your personal information is to identify what information is the most important. Here are some categories that we believe are important to protect:
- Personal data that could help criminals target us in the virtual and the physical world.
- Financial information such as bank, investment, and retirement accounts.
- Important personal information including medical records, income records, and tax filings.
- Professional information that affects how well we can earn an income, deliver goods or services, or interact with customers and co-workers.
- Information about our social reputation that impacts how we interact with family, friends, coworkers, and others.
Over the next five posts, we will look at ways to protect yourself and, more importantly, detect and recover from the loss of personal information to cyber-criminals.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com