Protecting your Personally Identifiable Information (PII) has never been more important. PII has been in the news quite a bit recently, with several high-profile security breaches. But what is PII? Why is it so important? And what can you do to protect yours?
What is Personally Identifiable Information?
Quite simply, and as the name suggests, PII is information that directly identifies an individual such as your:
- email address
- telephone number
- date of birth
- passport number
- driver’s license number
- credit or debit card number
- Centrelink number
- Medicare number
- Tax File Number (TFN)
Organisations use combinations of the above to identify you when you create an account with them. In the wrong hands this information can be used for identity theft / fraud.
Identity theft occurs when someone gathers personal information from / about you with an intent to commit fraud.
In isolation, most of the attributes listed above are of limited value. But when combined, they provide a unique digital fingerprint which enables cyber-criminals to masquerade, and perform actions, as if they were you.
When you provide PII to a business, there are unwritten expectations. Namely that they have appropriate checks / balances / safeguards in place. And that your data will be rock-solid secure. But in the digital world, that is not always the case.
By way of recent example(s):
- In September 2022, Optus was hacked. The PII of some 9.7m past and present customers was compromised. This was a significant security breach. You can find the latest updates on Optus cyber response here
- In October 2022, Medibank Private / AHM became the focus of a “cyber incident” with potentially 3.9m past / present customers impacted. Medibank advised they had been contacted by a criminal who threatened to expose the private details of high-profile customers if a ransom was not paid. You can find more information on the Medibank security incident here
- In October 2022, Woolworths subsidiary MyDeal.com.au was impacted by another high-profile breach that compromised the PII of some 2.2m customers. Details of the MyDeal.com.au breach can be found here
In the wake of these incidents, there is a strong media focus. People are increasingly concerned about: our data-retention laws / standards, and the vulnerability of their personal identity in the digital world.
The news media in Australia covered the evolving Optus / Medibank / MyDeal incidents ad nauseam. So I am not going to delve any deeper into these specific cases. But it is important to underline the dangers of organisations capturing and storing this type of information.
Practical ways to protect your PII
Until there is a better way, you are going to have to provide elements of your Personal Information to transact in this world. But when it comes to sharing PII, proceed with caution, and only do so with “trusted” organisations.
“Once you have submitted information online, you cannot pull it back. You really don’t know how secure that information is with the organisation that you are entrusting it to – so it pays to be a little paranoid and provide the bare minimum.”
With that said, let’s give you some practical ways to protect your PII:
General online safety
- Be careful where you click. As a general rule, do not click any links in emails. Phishing emails and websites abound online, where hackers try to hook you in and draw out your PII to exploit.
- We recommend that you install a good quality security suite, ideally one that offers a site advisor plugin, which connects to your internet browser and helps steer you away from known bad websites.
- When completing online forms, look for the little padlock alongside the website address in your browser, which is a sign that the connection is encrypted and data submitted via the page is protected in transit. If you don’t see the padlock, or if it is crossed out / broken, then the site is not secure and you should not provide your data.
Ensure you have a super-strong password on all your online accounts and use a different password for each account. This is particularly important for accounts with financial institutions, government, telcos / utility companies, and social media, who all typically request / store a lot of PII data for their account holders. But also ensure that your email has a strong password, as this can be a wealth of information for anyone with nefarious intent.
TIP–> If you struggle to remember, manage, or come up with unique passwords, then use a secure password manager to generate and store them for you.
Multi-factor authentication (MFA)
Multi-factor authentication works by sending a time-limited, unique code to you via SMS or email, or by using a secure authenticator app such as Google Authenticator or Microsoft Authenticator on your mobile phone to generate a unique access code. Both of these authentication apps are available on Apple and Android phones.
Your financial institution may also offer you a physical dongle which generates a time-limited unique code, which works in a similar way to the authenticator apps.
MFA is an important safeguard when people try to login via an unrecognised device. You should always enable MFA (where available) – but particularly on PII rich accounts such as your: financial institution / government / telco / utility / social media accounts.
Some people avoid MFA as they see it as an extra step / an inconvenience (BIG MISTAKE). MFA is generally quick and easy to use, and is far less inconvenient than dealing with the fallout of having your accounts hacked – which can include significant financial loss. So always put your online safety first.
As a general rule, if an organisation does not offer MFA as a safeguard for your account – we recommend you think twice about your relationship with that organisation.
Social Media – how to stay social and protect your PII
In addition to securing your account with a strong password/MFA, you should regularly review your social media security / privacy. And limit the information that you are sharing, and who you are sharing it with.
Do not share unnecessary information on social platforms (particularly PII). And only connect with people that you really know (verify by phone or in person before you accept). We strongly recommend that you limit visibility on your social media friend circle. Spoofed / fake accounts are increasingly common online.
Mailing Lists / Loyalty Cards / Online Surveys
If you feel compelled to sign up for mailing lists / loyalty cards, do so with a separate junk email account. This helps draw a line between essential services / contacts and the rest of the world, and reduces spam / phishing emails to your primary email account.
The same applies to participating in online surveys / quizzes. Though we would strongly advise against you completing online surveys in the first place. Particularly those quizzes on Social Media accounts designed to further profile you, and any that require you to provide PII.
Do not blindly sign-up for mailing lists / loyalty cards or complete online surveys. If you do, then limit the information that you provide. If PII is not mandatory, then do not provide it. And if it is mandatory, ask yourself why? And should you really be providing it?
By way of example:
Your local pet shop requests your: name, address, phone number, email, and birthday as part of joining their loyalty scheme. They may even request your pet’s name. If you take a step back and think about it:
- if they’re not delivering to you, then they really don’t need your address
- telephone number is to help them find your account (but may also be used for SMS marketing)
- the email address is most likely for their mailing list (do you really want to be on this?)
- they really have no need of your birthday
- people often use their pet’s name in their passwords – so maybe don’t disclose
Most loyalty cards generally offer limited value and you have to ask, “is it worth sacrificing your PII, to get $1 (or less) off your next purchase?”
Limiting the flow of your PII across websites is essential.
With online shopping we recommend that you limit the platforms where you purchase goods online. And use a secure payment method such as PayPal rather than distribute your credit card / debit card details across the internet.
Alternatively you can arrange for a rechargeable pre-paid credit card that you only use for online purchases. Ensure it has a minimal balance to cover the items being purchased, and a small buffer, to cover any fees. Australia Post, and some major banks offer pre-paid cards, so take a look and find one that meets your needs.
This is not an exhaustive article, but we hope it guides you in the right direction when it comes to protecting your PII. Need more advice? As part of our Residential Computer Support, Senior Support, and Small Business Support services we provide online security advice. We are always happy to speak with customers about common sense steps you can take to protect yourself online.
Finally, it is important to note that most responsible organisations will take proactive steps to secure customer data. But the online world is ever evolving. New vulnerabilities are frequently uncovered, and there is always someone waiting to take advantage and exploit a weakness.
FINAL, FINAL Word. Whenever there is a security breach at a service provider that you use (or have used in the past), regardless of any assurances they might give you, you should hope for the best, but assume the worst. That means taking sensible proactive steps to protect your identity by updating passwords on accounts that use the same Email with the same or similar passwords, setting up MFA where available, and where practical changing any ID documents (as appropriate) and / or requesting replacement bank cards (again if appropriate). It may sound like overkill – but it is far better to be safe than sorry.