What is PII & Why Protect It?

Let us start with what PII or Personally Identifiable Information means – it is the data that identifies or locates an individual and includes information like name, mailing or emailing address, date of birth, credit card information, phone number, ethnicity, gender, and criminal and medical records, to name a few. What can go wrong if such information is compromised? As per a recent study, the top identity theft crimes committed across the United States last year were:

What is PII & Why Protect It?

  • Government benefits applied for/received
  • Credit card fraud
  • Business / personal loan obtained on victim’s behalf
  • Tax fraud

Steps to Protect your PII

Protect your PII

Protect your SSN physically

A convenient way to hand over your Social Security Number to a potential criminal is to lose your wallet or leave your laptop unattended in your parked car. An equally convenient way to stop that from happening is to secure your social security card in a safer place than your purse or wallet and never leave your laptop in your parked car. Avoid sharing your SSN every time you are asked for it, except in situations where SSN is a legitimate requirement which includes employment, health insurance, financial and real estate transactions, applying for credit cards, bank loans, etc. Shred charge receipts, copies of credit applications, and other sensitive documents. Review your bills and credit reports regularly and be aware of telltale signs of a compromised identity.

Use a VPN

Using a public network without protection significantly increases the risk of a cyberattack because other network users can easily hack into your browsing and data. Also known as a virtual private network, a VPN protects your vital PII and browsing data by redirecting your internet traffic and disguising where your computer, phone, or other device is when it contacts websites. It also encrypts information you send across the internet so cybercriminals or your internet service provider can no longer intercept it. Now that you are convinced to use a VPN, be sure to install only the best.

Encrypt your files

If an intruder gets into your PC through a cyberattack, your next layer of protection could be file encryption which works by transforming the data in your file into code that requires a digital key to access it in its original, unencrypted format. Anti-virus and Anti-malware software often have such encryption features e.g., McAfee Total Protection includes File Lock that lets you lock important files in secure digital vaults on your device. If you decide to delete certain sensitive files from your device, be aware that sending them to the Recycle Bin does not really delete them in the truest sense. You might want to use software to overwrite or shred them in such a way that they cannot be restored.

Use strong passwords

A strong password does not always have to be a cocktail of uppercase, lowercase letters, and symbols; it could very well be a user-friendly one as long as it is between 8 and 64 characters long and is reset periodically. If that leaves you wondering about the ideal frequency to reset your passwords, it is at least once a year or when you hear about a data breach in an organization you have online access to with a username and password. Be sure to never leave your passwords on a sticky note on your work desk or use them across more than one account.

Multi-Factor authentication

Multi-Factor authentication makes it difficult for someone with your username and password to break into your account. It does that by prompting the user to enter at least one more authentication method besides username and password which could be a fingerprint, PIN code, etc. For example, if your authentication method is set to be a code received as a text message on your phone, it will effectively bar a potential cyberattack from criminals who only had access to your login credentials (i.e. username and password) but not your phone.

Install all OS/ software / application updates

Software updates are designed to keep your account and device secure from the latest security threats. A hacker can capitalize on your hesitation to update the software by using its inherent vulnerabilities to access your sensitive data. Software distributors generally release dozens of patches every week to address potential vulnerabilities. Make sure you don’t miss out on any by setting your updates priority to “automatic”.

Don’t fall for phishing attacks

Phishing attacks are emails from supposedly known, trusted brands asking for your PII under the guise of providing customer service. Verify and contact their phone numbers to be sure that the email under discussion is legit. Beware of all unprompted emails as they could potentially be phishing attacks.

Don’t “over-share” on your social media

Social media is such a gold mine for cybercriminals because users tend to share unnecessarily important details about themselves without a thought. Be careful and selective while sharing your information there. Set the privacy setting of your account to private so that only friends can see it. Do not post anything sensitive as everything you post on the internet can end up in the hands of fraudsters in the aftermath of a data breach.

Look for HTTPS or “Padlock” when you browse

The “S” in HTTPS stands for secure and it means HTTP with encryption. The major difference between the two is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, consequently it is way safer than HTTP. Some browsers will also indicate this additional protection by showing a small “padlock” next to the website’s address to indicate that the connection between your web browser and the website server is encrypted.


Once your PII is compromised, you become vulnerable to a vast number of mostly financial crimes. Credit cards and bank accounts can be opened falsely in your name, phony tax returns can be filed on your behalf and you will most likely take a hit before you even become aware of it. Recovery is possible but a cumbersome process. So why not be cautious and aware, and just prevent the hassle?