
Securing Your Customers’ Personally Identifiable Information

To a cyber fraudster who’s out to make some money, there are more options than hacking into bank accounts or credit card databases. In fact, compared to those methods, some approaches are easier, more lucrative and, unfortunately, far more damaging to the victims. Theft of personally identifiable information (PII) is a popular and highly problematic cyber security issue, and the recent attacks at Sony and Google have brought the problem to the forefront of many organizations’ security concerns.

Personally identifiable information — any data that can be used to determine the identity of an individual — is practically everywhere online. Many companies keep PII in their databases to better serve their customers and, in some cases, provide core business functions. When hackers get their hands on this information, it can be sold for a premium on the black market. And the company responsible for losing the data faces steep fines and loss of consumer confidence. In severe cases, it has even led to the closure of an organization.

While most financial institutions understand the sensitivity of the information they protect, organizations in other industries are less likely to recognize the need to protect their PII. This often means cyber security is a lagging priority, even though PII is stored in their systems. And this lack of security makes them prime targets.

It’s essential for any business that works with PII to understand the critical importance of protecting their data. If your firm deals with such information, there are some best practices you can implement to keep your PII locked down:

  1. Privacy training. Even the most solid technical security solutions can fall short if employees aren’t privacy and security savvy. In fact, hackers frequently engage in an attack method called social engineering to trick employees into giving away access to systems. Any organization that’s serious about protecting PII needs to make thorough privacy training a core competency.
  2. Incident response. In cyber security, your ability to respond quickly and appropriately to a breach is just as important as your ability to avoid one. To mitigate the damage caused by a breach, it’s absolutely critical that all parties know their role in response, and that all regulatory obligations (such as incident reporting) are part of a clearly defined incident response plan.
  3. Policy and governance. To make a privacy effort work, the effort needs clear and detailed documentation, along with a governance structure for accountability of the process.

A robust privacy protection plan may be an overwhelming task for companies that have limited experience with advanced cyber security. But with the help of an experienced partner, the task is well within reach for firms of all sizes. Lunarline supports our clients with the training, planning and technical implementation that go into a solid privacy solution.

To learn how we can safeguard your organization, visit lunarline.com or contact us today.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales," Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.