Public Employee Information Impact

Is it Safe to Have Information About Key Employees on Your Website?

Personally Identifiable Information (PII) is any information that can be used to identify an individual. We can divide PII into public and non-public information, with some points that fall into a grey area. Obviously private PII includes things like Social Security number, driver's license number, credit card information, and medical records. Public PII is information that can be accessed from public records. Examples of public PII are zip code, race, gender, and date of birth. It is important to note that publicly available PII can be combined with PII found in a data breach, or publicly posted by the individual, to give a criminal a more complete picture of that individual.

Additionally, things get even more complicated and vary based on the industry or industries that you operate in. For example, in one industry there is a list of items that are considered PII. If any three of these items are listed together, it is considered protected PII. This can be as simple as a combination of first name, last name, and zip code.

Another category of PII is the data we use in public to conduct business. This PII includes name, email address, employer, position within the company, and office address. PII in this category is considered sensitive but must be shared in order to communicate with others. There are security concerns when the data in this category is available publicly. Many small businesses have an “About Us” page where they share PII to help customers get to know the business and to come across as more personal. It is popular to share name, position within the company, a picture, and sometimes even the email address of the individual. While the intent is good, the information is available to the world, not just the potential customer base. This practice opens the employee up to more phishing attacks and gives criminals information they can combine with other publicly available PII.

Over the summer we covered the increase in new-hire phishing through LinkedIn. The professional networking tool is a great way to find new jobs and connect with other professionals. Unfortunately, criminals realized many employees were starting new jobs remotely and had never met some of their coworkers. Hackers were taking advantage of new hires and posed as the IT department of the new company. Criminals were able to gain access to internal network credentials by following publicly posted PII.

Be aware of your PII that is publicly available. This will help you recognize a phishing attack that may be using that data. We all must share some PII to exist and succeed in business, but oversharing and making PII readily available sets users up to be targets.

A new practice is to not publicize key company individuals on the company’s website.

Quanexus IT Support Services for Dayton and Cincinnati

Posted by Charles Wright