Why is Private Information so Hard to Protect?
The news is chock-full of terrifying tales of data leaks, identity fraud, ransomware attacks, and malicious exploits that ooze up from the depths of the deep dark web. By now the world, for the most part, understands that the internet can be a dangerous place, which raises one very important question: why is it so difficult to protect our sensitive and private information?
What is Private Information?
In order to understand the problem, it is important to focus on exactly what constitutes private information and how internet bad guys use that information once they get their (cyber-) hands on it. Sensitive or private information refers to any data or information that relates directly to you and your identity. While it can be fairly easy to collect publicly available data, such as a phone number, email address, mailing address, or employer, private information generally comes in the form of passwords, banking account information, credit card numbers, social insurance numbers, and passport numbers. This information, when combined with publicly available data, creates a treasure trove of data that hackers can sell on the dark web for a nice profit. Once the information has been sold, your data will be used for identity theft or to access your private online accounts.
How Do Hackers Get Your Private Information?
Hackers can obtain private information in a few ways. One of the most common is via a phishing attack whereby someone enters their credentials into a fake website made to look exactly like the original. Once hackers have your username and password for a certain website, they will try those same credentials across other websites, such as online banking sites. This is a major problem for many people since the average person will generally use one password for several different sites, which is a big-time security no-no.
Weak passwords are another means by which hackers steal information. In order to save time, many people use basic, weak, and easy-to-remember passwords (e.g., password123), which are incredibly easy for hackers to crack.
Big-time data breaches, including those at Facebook, Yahoo, Kickstarter, and Target, also lead to your private information being sold on the dark web. These breaches are often caused by an overlooked security vulnerability, and other times simply by human error.
While IT departments do everything they can to combat data leaks and breaches, technology alone is not enough. Without support and a solid understanding of security best practices from employees, private information will continue to be vulnerable.
What Can Be Done?
Even taking into consideration zero-day attacks (a cyber attack that occurs at the same time as or before a technical vulnerability is discovered) and mega-smart cyber-criminals, there are still ways to protect your private information. Here are five ways you can keep your private information protected:
1. Find Out If Your Credentials Have Already Been Compromised
While it may be a bummer to hear, it’s very likely your information has already been part of a data breach. First, use websites like Have I Been Pwned to determine whether your email address and/or password has been part of a data breach in the past. There are also several services that constantly monitor the dark web for your credentials. If you find out that your information has been exposed, your best plan is to change your password immediately.
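A weak password such as the `password123` example above can be checked against breach data without ever sending it anywhere: the Pwned Passwords range lookup from Have I Been Pwned receives only the first five characters of the password's SHA-1 hash, and the match is made locally. The sketch below is an added example, not code from the original article; the corpus, its counts, and `offline_fetch` are constructed stand-ins for the live service so that it runs offline.

```python
import hashlib

# Real range endpoint of the Pwned Passwords service; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Return how many times `password` appears in the breach data.

    Only the 5-character hash prefix is handed to fetch_range; the other
    35 characters of the digest are compared on the local machine.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)


# Constructed sample corpus; the counts are made up for illustration.
CONSTRUCTED_CORPUS = {"password123": 251682, "letmein": 9001, "qwerty": 77}


def offline_fetch(prefix):
    """Hypothetical stand-in for an HTTP GET of RANGE_URL; logs what it was sent."""
    offline_fetch.seen.append(prefix)
    lines = [f"{sha1_hex(pw)[5:]}:{n}" for pw, n in CONSTRUCTED_CORPUS.items()
             if sha1_hex(pw).startswith(prefix)]
    lines.append("0" * 35 + ":3")  # unrelated entry that shares the prefix
    return "\r\n".join(lines)


offline_fetch.seen = []

if __name__ == "__main__":
    for candidate in ("password123", "T7#vq!mZ2r-constructed-unique"):
        print(candidate, "->", breach_count(candidate, offline_fetch))
```

Any non-zero count means the password should be retired everywhere it is used, since breached passwords are exactly what gets replayed against other sites.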
2. Keep All Software on Your PC Up to Date
Keeping your software – be it your operating system, antivirus, or other third-party software – up to date with the latest technical updates means potential vulnerabilities (including even those used in zero-day attacks, if you update frequently enough) get patched, keeping your private information secure.
3. Enable Multifactor Authentication
Two-factor or Multifactor Authentication (MFA) is one of the best ways to combat weak passwords, as it requires an additional form of authentication to access a system. This additional method can be a code that is sent via text, an authentication app on your phone, or even something more sophisticated like fingerprint or facial recognition. MFA is not only a big-time security booster; it also makes employees’ lives much easier.
4. Use a Password Manager
While we all know that using unique passwords for every site is a smart idea, keeping track of a few, tens, or sometimes hundreds of unique passwords requires either a photographic memory or a lot of sticky notes. Services like LastPass and 1Password make this process easy. After you install a browser plugin, the password manager will generate unique passwords for each site you visit, securely store those passwords, and then offer you the option to autofill each unique password when you visit a site. This way you only need to remember one strong, complicated password to gain access to your password manager, and most of these services also allow you to enable multifactor authentication.
5. Stay Educated
Phishing attacks are one of the top ways cybercriminals gain access to your system or obtain your credentials. Make sure that you and the employees at your organization understand the common signs of a phishing email. The short video below provides a more detailed explanation of what a phishing scam is, and what you can do to identify and avoid one.
While it will always be difficult to keep your private information safe, remember that there are always ways to keep abreast of new and emerging threats online. Keep these tips and suggestions in mind and keep your private information private.