Data protection : understanding the risks and threats of unsecured PII

Posted by Alain Lebras on May 27, 2020 4:00:00 PM

A generation ago the digitization of information was a utopian dream where personal documents were safe from theft.

However today, reality is far from that with recent major cyber attacks of personal data across the world having taken place in the past two years.

Data protection : understanding the risks and threats of unsecured PII with ARender

The rise of data breaches

Indeed, last year (2019) the banking, credit and financial sector breaches were responsible for exposing 61% of sensitive records. In one American bank, the sensitive data of 106 million clients were stolen by an external hacker. Data breaches soared by 17%, and this year it is already on the increase – enough to make one’s eyes water!

With this phenomenal rise in hackers and cyber criminals, it is vital that cybersecurity for PII (personally identifiable information) that is stored on connected devices, software, applications and servers be protected and secured with the latest state-of-the-art technology.

 

Risks and threats

The risks and threats from not securing information like social security numbers, banks accounts, tax records, passports, etc, are multiple.

It just needs a misplaced form or an unsecured terminal to expose personal information to the wrong person. Other threats can include determined hackers to infiltrate wireless routers or to simply just go through rubbish bins.

Weak IT security can include vulnerability to viruses, malware, attacks, and a compromise of the whole network. If companies do not secure the PII of their employees and customers, data privacy, ownership and visibility will be put at risk. In addition, organizations that collect, process and store PII must accept responsibility for protecting this sensitive data or risk data breach and not meeting compliance standards and regulations which in turn can lead to heavy fines and directly impact customers.

When sending sensitive information across the web, it is vital that data is encrypted. By encrypting PII, individuals can be shielded from damaged credit and identity theft, and an organization can be protected from lost revenue, non-compliance, fines or reputational damage.

 

Data privacy rules

Last year, a collection of 2.7 billion identity records consisting of 774 million unique email addresses and 21 million passwords were posted on the web for sale. This type of breach has an immediate affect on an organization’s reputation and brand image not to mention eventual financial loss.

Ignoring PII security will put an organization in direct breach of the European GDPR legislation if based in Europe, and the new American Consumer Privacy Act which started in January 2020 if based in the United States. Managing PII in a way which is both secure and respects the rights of the supplier of the information can be challenging and thus tempt organizations to turn a blind eye. PII is scattered all around companies. It exists not just on centralized databases but also on spreadsheets, documents, PDF files created for printout, not forgetting information that can be stored on the Cloud (eg a sales force CRM system). If these places are not logged and traced, and not classified in terms of sensitivity, then an organization is open to a cyberattack.

It is therefore vital that these risks and threats be understood and identified and brought under efficient centralized control through high performance system management tools that can scan for PII, then log, tag and reversibly encrypt sensitive data.

Protecting personal data therefore contributes to an ethical and respectable society.

 

Comprehensive data protection frameworks

Arondor offers its customers a comprehensive approach to support them in their compliance :

  • Raising the awareness of the players involved in the compliance process

  • Framing and inventory of fixtures

  • Definition of an action plan

  • Implementation of the roadmap of the delegated DPO (Data Protection Officer)

  • Drafting of AIPDs (Data protection impact assessments) on the basis of CNIL guidelines

 

Would you like to find out how ARender security and privacy features can help you improve your customers' experience?

Sign up now to see a security-oriented demonstration!

Ask for a demo

 

Topics: data privacy