Data Protection

A guide to understanding Personally Identifiable Information

8th December 2020

In today’s cybercriminal world, Personally Identifiable Information, or PII for short, has become a commodity much sought after by hackers and other threat operators.

PII is the term for any type of personal data that can be used to identify a specific individual. Cybercriminals can use this extremely sensitive information for a wide range of crimes. When it is leaked in a data breach, the impact can be short or long term, both for the people it belongs to and for the companies responsible for safeguarding it.

What are some examples of PII?

Many instances of PII are well known, like names, addresses, telephone or passport numbers. However, as our society depends more on technology, what comes under this classification has broadened considerably. As well as financial details like credit and debit card numbers, PII can now also include website login passwords and usernames, social media posts, IP addresses, and even digital images. Less often discussed data can also feature in PII lists, including biometric information and geolocation information that pinpoints where a person is in the world.

Why is it important to protect PII?

To conduct business processes, most enterprises must collect, handle, or retain PII. If they are a client- or customer-focused operation, they may keep contact information or purchase histories on record, and even if they do not, they will still maintain a database of information on their own employees, such as payment records or personnel files.

Companies must assign a person within their organisation to be responsible for ensuring data security is maintained and that PII is never publicly exposed or exfiltrated by cybercriminals. In larger enterprises, this may be a dedicated Chief Information Security Officer (CISO), while for smaller firms this duty may fall to a manager of the IT department.

Legislation such as the General Data Protection Regulation (GDPR) is designed to protect people's privacy and ensure that those handling or storing PII protect it. Failing to take effective measures to keep data safe, or not following proper procedures after a breach where PII is exposed, can result in harsh consequences for firms. These can involve expensive fines and service downtime costs or, perhaps worse still, can cripple a business’s reputation overnight.

PII and cybercrime

Cybercriminals use the PII they obtain in a wide range of schemes and scams. Sometimes, this may involve uncomplicated crimes, like using stolen account details to make purchases online, but PII can also be used as part of a larger campaign to infiltrate a company, wreaking havoc from within. PII can be employed to impersonate trusted individuals in spear phishing strategies that penetrate network defences, leading to massive data leaks.

Safeguarding data and keeping compliant

To assist enterprises in staying in line with regulations and legislation, and to protect all PII stored or sent, Galaxkey has constructed a robust security platform with zero backdoors. With powerful but simple-to-apply encryption, companies can make sure any sensitive data they keep on file or handle remains indecipherable to cybercriminals. Contact our expert team to arrange a free online demonstration of our secure workspace and start protecting the personal information you hold without delay.