Arrow Perspectives: What is PII, and Ways to Protect Your PII

Most of our articles center around physical security topics. However, with the rise in security threats to corporations and individuals, this is a security topic worth talking about.

As the name implies, personally identifiable information, or PII, is any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to an individual.

There are 2 categories of PII, depending on the context and combination of data: sensitive and non-sensitive. The obvious sensitive PII are social security number, credit card & bank information, and drivers license/passport numbers. However, cyber criminals can use a variety of non-sensitive PII to obtain sensitive PII, then use it for criminal purposes.

According to the Bureau of Justice, over 24 million U.S. residents are the victims of PII theft each year, and the FTC reports that over 230,000 had their identity stolen in 2023.

California led all states with identity theft cases, followed by Louisiana, Florida, Delaware and Nevada.

The obvious motive is financial, but in many other instances PII theft can be retaliatory or reputational, which commonly occurs on social media platforms where perpetrators create fake accounts and seek information from unsuspecting social media users.

So what can be done to help protect your identity? Besides having situational awareness when browsing online, using ATMs, filling your gas tank at the local station, or even walking around in crowded public places, we offer the following tips:

• Consider strong passwords: Consider increasing the character count to beyond 15 and use a combination of upper/lower casing & special symbols (!, $ and @ are the easiest to use when texting because they’re in the first shift panel). An easy way to create & remember such a long password is to use a phrase that only you would know. Avoid using names of children, pets, and anything that can be easily obtained from social media
• Keep your credit reports locked: It only takes a few minutes, but log onto to the major credit bureau and set your credit report to “locked.” It doesn’t cost anything, and this way if anyone does access your PII, they can’t open new accounts with your information. Just remember to unlock or add a “thaw” before you look to open any new accounts or loans
• Two-factor authentication: Many online sites automatically require two-factor processes, for which once you enter your login information, the application will then ask for a character sequence which is sent to your phone via text, email, or authenticator app. Other platforms use biometrics, QR codes, or security “tokens” to authenticate users when logging in
• Public WiFi: Avoid public WiFi when possible. Simple
• Consider a VPN: If you do, however, need to use unsecure WiFi, consider a virtual private network (VPN), which creates a secure online path and blocks out spyware & hackers. If you have financial accounts that you log into routinely, a VPN is a must!
• Buy a shredder: Yes,physical mail, bank statements and other sensitive paper documents can fall into the wrong hands the old-fashioned way. A shredder is a simple way to protect your identity before putting those statements in next week’s recycling
• RFID devices: Today’s radio technology makes it easy to make that purchase, tap your credit card, or use that digital wallet, and that is due to radio-frequency Identification (RFID). However, today’s cyber criminals can use RFID devices to lift PII without you even knowing it. If you travel outside of the country or attend high-volume shopping areas routinely, consider an RFID blocker; those little cases that help protect your phone and wallet, which obviously holds quite a bit of PII

The last bit of advice we offer: If you have children, talk to them about the importance of protecting their PII. It could be one of the most practical things you can teach them.

If you suspect that your PII has been stolen or compromised, contact the Federal Trade Commission (FTC) for more information, www.ftc.gov or 1-877-IDTHEFT.

Have a question about securing your company from cyber threats or other security vulnerabilities? Contact Arrow Security today. We can offer a holistic threat assessment to help bring you peace of mind, as we have deep security expertise across a variety of industries and business types.

This article is provided for informational purposes only and does not constitute advice of any kind. The information herein was sourced from third parties that Arrow Security believes to be reputable and reliable. Always refer to local jurisdictions for any legal precedents.