The Silent Threat of Personal Data Breaches
Websites collect personally identifiable information (PII) as a necessary part of doing business. However, this valuable data can be compromised in numerous ways, putting users at risk of identity theft and exposing websites to legal and financial consequences.
What is PII?
PII is any information that can be used to identify an individual, including names, addresses, phone numbers, dates of birth, and social security numbers. This sensitive information is often the target of identity thieves, with over 444,000 reported cases in 2018 alone.
The Cost of Data Breaches
A single security lapse can lead to a massive loss of PII, resulting in negative headlines and financial penalties. The Equifax data breach, for example, led to a $650 million fine. With data breaches becoming increasingly common, it’s essential for websites to prioritize the protection of PII.
Protecting PII: A Multi-Layered Approach
To avoid becoming the next victim of a data breach, websites must consider the various attack vectors and take proactive measures to guard against them. This includes:
- HTTPS Encryption: Using HTTPS to encrypt the connection between the user's browser and the website's server, preventing third parties from intercepting and reading submitted data.
- Hiding Information on Screen: Preventing sensitive information from being displayed on screens, using techniques such as password masking and Social Security number hiding.
- Third-Party Services: Being mindful of the data sent to third-party services and implementing measures to prevent PII transmission.
- Logging and Storage: Setting up filters to prevent PII from being logged in plaintext and storing sensitive information securely, using encryption and access controls.
- Employee Access: Implementing permissioning systems and auditing to ensure employees only access necessary information, and training them to understand data access policies.
- Data Retention: Avoiding the retention of PII beyond its necessary period, reducing the risk of data breaches.
Offloading Sensitive Information
A growing trend is to offload the storage of sensitive information to third-party companies, such as Stripe for credit card numbers or Very Good Security for general sensitive data. This approach allows websites to reduce their exposure to data breaches and focus on their core business.
The Never-Ending Challenge of Protecting PII
Protecting PII is an ongoing challenge that requires constant vigilance. By understanding the methods that can lead to data breaches and regularly reviewing security measures, websites can ensure the trust of their users and avoid the devastating consequences of a data breach.