When a Mistake Impacts Your Identity
When we hear news of another major data breach, one that compromised the personal data of a large number of people, we tend to think of hackers or cybercriminals playing their digital trade.
The reality of data breaches, though, includes events that were completely accidental. Some breaches stem from a lack of authentication, a lack of encryption, or just simply clicking the wrong button on the keyboard. Often, it can be a matter of losing physical control of the information itself, such as documents that weren’t destroyed before discarding, or an employee’s work laptop that is lost or stolen.
According to a survey of Information Security Forum members, “the vast majority of those network openings were created innocently through accidental or inadvertent behavior by insiders without any intention of harming their employer. In a number of cases, that vulnerability was, ironically, the result of a trusted employee doing a seemingly run-of-the-mill task like taking files home to work on in their spare time.”
Unfortunately, just because there was no ill will on the part of the person who leaked the information, that doesn’t mean you’re necessarily safe from the threat of identity theft. A number of accidental breaches have been reported after entire databases of consumers’ records were found online; there is no way of knowing how many people stumbled across that information, and whether or not anyone used it for fraudulent or criminal purposes.
It would be great if every single company you do business with posted its data protection policy in a highly visible area for all employees to read. After all, it would save you the time and hassle of asking every employee you come in contact with how they planned to store your information before you turned it over, as well as who would be able to access it, what kind of encryption they would use to safeguard it, and more. But that’s simply not realistic.
Instead, you can take a proactive stance when it comes to protecting your data and the information of others:
1. First, before turning over highly sensitive levels of information, adopt an air of caution.
Find out why your doctor’s office needs your Social Security number, for example, and if they can’t demonstrate both a need and a method for securing it, don’t turn it over.
2. Next, for all the past times you’ve had to provide any personal information, you need to stay on top of monitoring your accounts, your statements, and your credit report.
There’s an excellent chance you may have already been involved in some type of data breach, which means your information may already be “out there.” You need to protect your accounts and your identity through routine monitoring.
3. Finally, be the force for change when it comes to preventing data breaches.
If every business—of every size, and in every industry—took charge of securing information in order to prevent both accidental and intentional data breaches, we would all sleep a little easier. Talk to your supervisors at work about employee training, awareness of data breach threats, and cybersecurity as a whole.
Just because it wasn’t the work of a hacker, that doesn’t mean you’re better off in an accidental data breach. Reducing the risk of a breach means reducing the risk of identity theft for a lot of people.