This year was once again filled with major security breaches. In fact, these breaches have impacted so many of us that they are becoming a routine fact of life for companies and individuals alike. The Equifax breach in particular affects practically every person or entity that has had a credit check done in recent years.
Protection of our personally identifiable information (PII) and financial information should have been a priority for a credit bureau. As we've seen, it was not. And of course they are not alone – Uber, Anthem, Instagram – the list is long: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
The European Union has implemented the General Data Protection Regulation (GDPR), which was effective April 2016 and begins levying very large fines in May 2018. Its goal is to return control of personal data to the individual. Among the requirements, entities must: request use of the data; know everywhere the data is located, whether within the entity or at a third party; be prepared to delete that data upon request; assign a Data Protection Officer; and provide data portability. These requirements extend to non-EU companies.
This is not a new direction, but it is one that threatens very large fines – 20 million euros or up to 4% of the annual worldwide turnover of the preceding financial year in the case of an enterprise.
In the US, we have our own regulations; in fact, we have compliance requirements today for PCI DSS, FINRA, SOC, and HIPAA. All of these are directed at entities but impact the individual.
Even with these regulations, individuals need to protect themselves. The following is probably not new information, but bears repeating.
- Use complex passwords or a password vault.
- Minimize the credit cards used online so exposure is reduced. Wherever possible, do not use a card directly tied to your bank account.
- Implement two-factor authentication on your online accounts, particularly banking and brokerage.
- Secure your home devices by changing default vendor logins and passwords, particularly on all remotely accessible devices. Strictly control internet router or modem access.
- Encrypt your data wherever possible, both on your devices and when storing it in the cloud.
- Use the passcode protection on your phone in addition to biometrics.
- Check your wireless network access and implement the strongest encryption available.
Security needs to be incorporated into our daily lives. It cannot be done once and forgotten until next year. Each of us has daily responsibilities to ourselves, our workplaces, and our families. Take the time to review the many devices and services used to go online to ensure you've done whatever is possible to secure you and yours.