Protecting Customers' Personally Identifying Information
September 21, 2020
Return to Learning Center
Customer databases are the most critical type of data held by many businesses. Unfortunately, all it takes is one major data leak for customers to lose faith and for your business to potentially be fined and penalized. Any type of customer information is a tempting target for data brokers, hackers, and cybercriminals. But what identity thieves and other nefarious focus on is personal identifiable information (PII) such as social security numbers, names and physical addresses, phone numbers, and usernames and passwords.
Every year, billions of consumer data records are leaked in hundreds of data breaches which end up costing consumers arguably hundreds of billions of dollars in cost every year. PII being leaked is cause for concern as these are key ways that cybercriminals can take over critical accounts such as bank accounts and lines of credit.
What methods did hackers use to gain access to personal data? Unauthorized access, ransomware and malware, phishing attacks, misconfiguration problems, social engineering, and API abuses are all ways for criminals to steal personal information.
Among all industries, healthcare is one of the most concerning attack vectors, especially in the COVID-19 era where an unprecedented amount of data is being collected. Healthcare centers store a large amount of PII, so they're an valuable target for cybercriminals. The healthcare sector has often fallen behind other industries in modernizing its IT infrastructure due to the strict regulations imposed on it. Additionally, the industry tries to design systems for non-technical users so there's always a conflict between usability and security measures. There's no doubt that things will improve in healthcare, but caution about what your doctor and hospital and health Apps do with your personal data is key.
Other sectors affected by data breaches include banking and insurance, government agencies, education, technology, travel, and communications/mobile. What can organizations do to better protect their customers against the theft of personal identifiable information? This is a large topic, but businesses should consider identity and access management a critical part of securing their customer data and core business. That means creating a framework for identifying, authenticating, and authorizing the proper access for sensitive information. Using best security practices such as the principle of least privilege is wise from a security standpoint. These measures are not easy to implement, but ensure that your business will not be destroyed overnight by a nefarious hacker.
We hope you enjoyed reading this guide and learned something new! Check out our Learning Center to learn more about online privacy and security or consider subscribing to our Online Privacy Service to remove your phone number, name, and address from Google, Bing, Yahoo, and DuckDuckGo search results and hundreds of data broker sites.