Protecting Personally Identifiable Information

Cyber attacks and data breaches are on the rise.  According to, 2017 saw a 45% increase in reported data breaches since the tail end of 2016.  No industry, type, or size of business is immune with companies as diverse as Gmail, Intercontinental Hotels Groups (IHG), Dun & Bradstreet, Blue Cross Blue Shield/Anthem, Chipotle, the California Association of Realtors, FedEx, Aetna, Under Armor, Panera Bread, Instagram, Ticketfly, and Facebook falling prey to attacks which have affected thousands upon thousands of records containing Personally Identifiable Information.

As cyber attackers become increasingly sophisticated, individuals and their Personally Identifiable Information are at more risk than ever.   Personally Identifiable Information is defined as an individual’s most uniquely identifying and confidential information such as social security numbers, birth dates, driver’s license numbers, credit and debit card numbers, financial account information, healthcare information, and more.  Protecting Personally Identifiable Information before you pass that information along or execute a transaction that contains it is key.  While you can’t control what happens when your Personally Identifiable Information is in the hands of an outside organization, here are a few simple things you can do to prevent yourself from becoming a victim.

1. Be aware of the types of organizations you’re doing business with and inquire about their policies for safeguarding your Personally Identifiable Information.

Though large organizations with databases including numerous Personally Identifiable Information-containing records, such as healthcare companies and real estate companies, are at the greatest risk of having their systems hacked, any organization with which you conduct business and to which you’ve given any piece of your Personally Identifiable Information could also put you at risk.

Untracht Early has strict policies and procedures in place, designed to safeguard client information from various potential lines of attack.  We encrypt and password protect sensitive information before we pass it on to third parties outside our firm and advise clients who receive password protected or encrypted documents from us, which then may need to be transferred on to additional parties, to do the same.  This simple step can prevent an unauthorized party from gaining access to sensitive information.

When dealing with any outside organization, it pays to take a step back and ask the receiving party why they need this information, how it will be used, what their own protection policies are, and what the ramifications of your not sending the information will be if you choose to take that course of action, before you send your own or other people’s Personally Identifiable Information along.  You’re well within your rights to ask whether or not they have cybersecurity procedures in place, how up-to-date their software systems and plug-ins are, and what they are prepared to do, should a data breach occur.

2. Check and double check the validity and true identity of any party asking you to send Personally Identifiable Information or funds along to them.

Unless you’ve initiated a phone call, you’ll want to confirm that the intended party you need to get information to is who they say they are.  In the case of an e-mail, even if you’ve initiated the e-mail chain, you’ll want to be sure to start a new e-mail chain when sending personal information or payment information.

A commonly used technique is for a cyber attacker to reach out by e-mail or phone, posing as someone you know, to ask you to send information or money along to an address that’s not legitimate.  Because you think you’re communicating with a known entity, you may just fall for it if you’re not careful to use the phone number you have on file for that individual to have a personal conversation, confirming that they contacted you and clarifying the instructions on what they’re asking you to send.

If you receive an e-mail that you’re not sure about, don’t click on any links in the e-mail – call your contact to ensure that they or their organization has really reached out to you with the request and ask for clarification on what they’re looking for from you.

One area where we increasingly see this scam at work is at the funds transfer stage of a real estate or art purchase or sale transaction.  A savvy cyber attacker can sneak in, posing as your known contact, and ask you to send funds to them, just as you’re getting ready to finalize the deal and transmit funds.

3. Watch your online behavior.  

If you’re passing your Personally Identifiable Information along over the internet, make sure to activate the lock icon on the status bar of your internet browser so that you know you’re keeping your information safe and encrypted during the transmittal process.  If you’re working on your laptop or sending your information by smartphone, be sure the Wi-Fi you’re connected to is a secure wireless network before you hit send.

4. Make sure you really destroy what you’re “throwing away”.  

When you’re upgrading or disposing of an electronic device that contains your personal information, be sure you don’t just throw it out.  Use a program to wipe the hard drive clean for any computer you’re disposing of. Remove or permanently destroy the SIM card from your mobile device and check with your phone manufacturer to learn how to wipe your phone clean of any voice mail messages, photos, phone numbers, and internet search history, just to be on the safe side.

If you have questions on how to further protect your Personally Identifiable Information, please contact your Untracht Early advisor.