Private data is valuable to cybercriminals. They can sell it to other criminals, use it for identify theft or target other victims with phishing attacks.
As part of Cybersecurity Awareness Month, Brock Information Technology Services (ITS) is educating the University community with information and tips that can help protect technology users’ identities and data.
What is private data?
Private data is information that can be reasonably expected to be secured from public view. Private data includes:
- Personally identifiable information — Information that can identify an individual when used alone or with other relevant data. Examples include a person’s full name, social insurance number, driver’s license, mailing address, credit card information, passport information and financial information.
- Protected/personal health information — Health information that identifies a specific individual. Examples include a person’s health card number, medical records held by a physician, patient records maintained by a hospital, prescription records and registration information.
- Sensitive/regulated information — Information that must be guarded against unauthorized access and unwarranted disclosure to maintain the information security of an individual or organization. Examples include passwords, trade secrets, intellectual property, research and access logs.
Why do cybercriminals want private data?
- Cybercriminals can profit from private data by selling it to other criminals on the dark web, which is where cybercriminals conduct illegal business transactions.
- Private data can be used by cybercriminals to perform identity theft, such as using a victim’s credit card or taking out loans in their name. Identity theft is a crime in which the victim’s personal information is used to gain benefits at the victim’s expense.
- Cybercriminals can use private login credentials to break into accounts with payment details, such as shopping accounts. This is called ’account takeover,’ and it often leads to identity theft.
- Cybercriminals can use private data to perform phishing attacks. By masking a scam as something legitimate, victims are lured into giving information willingly, such as credit card details. If criminals get access to compassionate information, they can also extort victims.
Tips for protecting private data
- Keep private data in a safe place, such as Brock SharePoint/OneDrive; not on a computer hard drive.
- Shred physical documents before disposing of them.
- Always be wary of giving private data to anyone who calls, emails or texts.
- Before entering private data into a website, check to see if the site is secure.
- Use strong passwords and multi-factor authentication.
- Try not to overshare information on social media such as location, birthday and other personal details.
Questions about protecting private data can be directed to itsecurity@brocku.ca