Are You Effectively Protecting Your Customers’ PII?
Personally identifiable information, or PII, is some of the most valuable data on the market today. Unfortunately, this makes PII incredibly sought after and susceptible to theft. Regardless of your institution, whether it be a school, corporation, or hospital, your business houses sensitive data that needs protection.
What Is PII?
While most organizations store this data in one form or another, many do not identify PII as such. When your personally identifiable information is stolen, however insignificant you may consider it, it allows thieves to slowly but surely build a profile of you from all the information they have, which enables further and continued identity theft. It is important to understand that PII comes in two distinct forms.
- Static: Also known as fixed PII, static refers to information that cannot be changed by you once compromised. Static PII includes your social security number or date of birth. Once that information falls into the wrong hands, there is no way to alter it to prevent thieves from using it.
- Dynamic: Bank account numbers, credit card information, email addresses, and passwords all fall under dynamic PII. While they are still damaging if stolen, a credit card or login password can quickly be canceled or changed to make the information useless to the wrong people.
At first glance, loss of PII may seem like an issue on the individual level that only affects those who lost the information, but both the people directly attacked and the company that lost their information suffer. In 2013, Target had a major security breach that compromised the personal information of up to 70 million customers. A breach of this magnitude resulted in $60 million in direct costs to Target and a 5% drop in revenue due to customers’ lost trust in the company.
Protecting Your PII
With technology advancing at an ever-growing rate, it is nearly impossible to guarantee that your customer or employee PII will remain safe permanently. However, various security technologies allow you to keep your data as secure as possible.
- Avoid Static PII: Implementing fixed personally identifiable information into systems is dangerous because there is no guarantee that it will remain safe, and once compromised there is no way to reverse the damage. Avoiding the use of static PII as much as possible is your safest bet.
- Encrypting: Storing passwords in plain text in a database is a risky move because the moment a malicious third party gets hold of it, everyone’s PII is at stake. Salting and hashing passwords makes hacking more difficult and provides better security.
- Remove Data Frequently: If you store personal data for extended time periods you increase how much access the culprits have. Remove anything unnecessary often to lessen the impact of a security breach, and request new or updated PII only when necessary.
- Use Security Questions: Security questions are incredibly specific and can even be user-generated to increase hacking difficulty. Security question implementation provides answers that are personal and not on record anywhere, substantially limiting any opportunities for hacking.
Protect Your PII
From the customer to the company, regardless of what end of the equation you are on, PII is vital to your operation, but having it stolen is detrimental to your reputation and your customers. Protect your company and your customers by monitoring advances in security solutions to protect all valuable information and to ensure any incidents remain as small and contained as possible. By upgrading your security measures, you ensure a better future for the safety of your customers’ personally identifiable information.