PII Theft: Surprising News About Hard Drives – and Data Breaches
There’s still a widely held belief that most data breach incidents are the result of information thieves hacking into large retailers and stealing customer credit and debit card numbers.
But a recent analysis by security software company Trend Micro turned that assumption on its head.
Trend Micro analyzed Privacy Rights Clearinghouse data breach records from the last 10 years and found that not only are retailers way down on the target list, but hacking and malware are NOT the leading causes of theft of PII (personally identifiable information) and data breaches.
Causes of Personally Identifiable Information Theft:
The analysis report showed that ‘device loss’ was actually responsible for the most data breaches.
Device loss accounted for 41% of all breaches. The report combined portable device loss (24%), physical loss (11.6%), and stationary device loss (5.4%) to arrive at that number.
Hacking and malware accounted for 25% of breach methods while ‘unintended disclosure’ made up 17%.
Healthcare, Not Retail
The report also showed that healthcare organizations – not retailers – are most affected by data breaches today.
The healthcare sector includes hospitals, clinics, private or public healthcare providers as well as patient billing, health plans, cloud services and other associates.
Criminals are targeting the information-rich healthcare sector because a lot of PII is stored in one place, including Social Security numbers, addresses and dates of birth.
These organizations had 26.9% of all breaches in the past decade.
The report showed that education was the second most ‘breached’ industry, accounting for 16.8% of all breaches. The government sector accounted for 15.9%. Retail was in fourth spot, accounting for 12.5% of breaches.
The report was a good reminder that information security is not just about cyber safeguards. The physical security of hard drives that contain PII and other confidential information is important too.
Best practices for protecting laptops, smartphones, tablets, thumb drives, and stationary devices:
- Support a culture of security, and provide ongoing security awareness training so all employees keep security top of mind in and outside of the office. In workplace programming, promote initiatives such as Data Privacy Day (held every January 28) to raise awareness about privacy and data protection.
- Create a mobile device strategy, and keep it updated with current trends - ‘wearables’ in the workplace are now in the news. One industry expert predicted “more incidents with cloud providers and third-party breaches of technology, particularly wearables that store a lot of household data”.
- Identify other vulnerabilities in the workplace (office printers, IT device storage) – and target those with safeguarding strategies. Introduce a Clean Desk Policy so that work areas are kept ‘clean’ of confidential information, whether in paper form or visible on computer monitors. Lock up mobile devices, or carry them for safe-keeping.
- Partner with a document destruction expert that provides secure destruction services for paper and hard drives. Storing old hard drives increases the risk of a data breach because there is no reliable method to permanently remove information from drives.
Losing a laptop or having one stolen can cost more than you think. Check out our laptop security infographic to find out the hidden costs of a laptop.