At the center of security efforts, we find personally identifiable information (PII)—the assets which organizations all over the world are entrusted to protect.
What is PII?
The most generic definition of PII is any information that could be used to distinguish or trace an individual’s identity. Examples include: full names, date and place of birth, and Social Security or national ID numbers, as well as medical, educational, financial, and employment information.
Do all countries in the world recognize PII?
Technically, yes. At least most of them do, but the term “PII” is specific to the United States. The EU, for example, refers to this type of sensitive info as “personal data”. Both Australia and Japan simply call it “personal information”. Regardless of the term, the concept is the same: highly sensitive data that requires protection.
What do cybercriminals do with stolen data?
You’ve likely heard the stories of major data breaches that expose the personal information of millions of people. Perhaps you’ve even been a victim of this. But what actually happens to exposed data? How do cybercriminals actually use the data?
They sell it on the dark web. Credit card numbers, national ID numbers, email addresses, and passwords all fetch certain prices on the underground economy.
They launch spear phishing campaigns. With enough information, cybercriminals increase their chances of successful phishing attacks because they’re able to target specific individuals or organizations while sounding legitimate.
They pretend to be you. Identity theft is a top concern. If attackers gain access to your personal info, they can open accounts in your name, attempt to claim tax refunds, file insurance claims, and so on.
They attack even more accounts. In the case of stolen usernames and passwords, criminals use “credential stuffing,” which is an automated attack using those same usernames and passwords to gain access to other accounts.
What’s your role in protecting PII?
First and foremost, always follow our organization’s policies, which were designed to protect sensitive data. Stay alert, treat all requests for sensitive data with skepticism, never allow someone to use your credentials (physical or digital) for any reason, and think before you click. If you see something or hear something, say something! Reporting incidents ASAP is a vital part of protecting data.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 24,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.
Number 96 on the 2018 Inc. 500 list, number 34 on the 2018 Deloitte Technology Fast 500, and 2nd place in the Cybersecurity Ventures Cybersecurity 500, KnowBe4 is headquartered in Tampa Bay, Florida, with offices in England, the Netherlands, and Germany.
For more information contact us at firstname.lastname@example.org