Guide to Protecting Personal Information Online
Written by: University of Tulsa • Jan 4, 2024
Guide to Protecting Personal Information Online ¶
Between 2018 and 2022, the FBI received 3.26 million complaints of internet crime. The incidents spared no age group, with a 2021 Federal Trade Commission (FTC) report indicating that both young and older adults reported fraud related to online activities that ranged from shopping to job seeking.
Individuals between the ages of 18 and 59 were 34% more likely to report incidents of online fraud than older adults, the FTC report shows, but older adults incurred the greatest financial loss. In fact, the FBI notes that online fraud victims over 60 lost an average of $35,101 per person in 2022.
Whether they are younger people who often are more active online or older adults who are perceived to be less tech-savvy, all individuals who use the internet can become the target of cybercriminals who want to steal their personal data. With the Pew Research Center reporting in 2021 that 93% of American adults use the internet, everyone needs to learn how to protect personal information online.
What Personal Information Should Be Protected Online? ¶
Personal information encompasses all the details that others can use to identify someone. Certain individuals who gain access to this data, often referred to as personally identifiable information (PII), may do so for beneficial purposes. It can be helpful, for example, when companies use information like someone’s gender or location to help tailor products or services to meet that person’s needs. But others use the information to commit crimes.
Individuals may voluntarily share their personal information — when they complete online forms, for example — or they may unknowingly provide the information, such as when they take an action that allows someone to break into their computer system.
Examples of Personal Information ¶
Personal information includes a broad range of details, from where someone lives to what medical concerns they have. The information can be publicly accessible, as with names and addresses, or private, as in the case of social security numbers or passwords.
With private information such as passwords and credit card numbers, others can identify a person or access their networks or accounts. In the case of more general information, such as a person’s city or gender, a cybercriminal can use the information to piece together or sell data that can be used to steal their identity or gain access to their accounts.
Examples of personal information include:
- Telephone number
- Birth date
- Work history
- Race or ethnicity
- DNA data
- Health history
- Social security number
- Credit and debit card numbers
- Personal identification numbers (PINs)
Why Should People Protect Personal Information Online? ¶
With the variety of tools and products that now use the internet, from smartphones and laptop computers to medical monitoring devices and security cameras, people share volumes of personal information online — knowingly or unknowingly. This means there is a significant risk that sensitive data will fall into the hands of cybercriminals.
Cybersecurity company IT Governance reported that there had been more than 4.5 billion records compromised globally due to online data breaches from January through September of 2023. The consequences of these breaches can be catastrophic for those whose personal information is stolen.
10 Uses for Stolen Personal Information ¶
The FBI’s 2022 report on internet crime shows that Americans had reported losses of $27.6 billion due to this type of incident over the previous five years. While finances are a significant concern when protecting personal information online, people’s personal information can also be used for other fraudulent actions — including stealing their identity. Following are 10 ways stolen personal information can be used:
- Assuming the victim’s identity to apply for a credit card
- Posing as that person to apply for loans
- Gaining access to the victim’s bank and retirement accounts
- Requesting money from the victim’s online contacts
- Applying for a job or renting an apartment in the other person’s name
- Locking the individual out of their own accounts
- Seeking tax returns by filing tax forms in the victim’s name
- Applying for identification such as a driver’s license or passport as the victim
- Sharing the victim’s information as their own when arrested
- Selling information such as credit card numbers and health care data on the dark web, a part of the internet commonly used for illegal activity like blackmail and extortion
How Criminals Steal Personal Information Online ¶
Whether they are tricking people into providing data or finding ways to access the information without the user’s knowledge, criminals use a variety of methods to collect individuals’ personal details online. Common tools and techniques for gaining unauthorized access to personal information on the internet include:
In a practice called phishing, scammers steal people’s personal information through emails or other online messages that contain what may appear to be legitimate requests for personal account information — but are not. Or the messages might contain links that resemble those connecting to reputable sites. When users click on the links, however, malicious software, known as malware, is installed on their computers that can provide access to the victim’s personal data, such as their credit card numbers or bank account login information.
Social Media ¶
People’s social media profiles often provide a host of personal information — from the individual’s name and location to their job and work schedule. Photos posted to social media can contain clues about this type of data as well. Cybercriminals can collect this information to help them determine passwords to people’s online accounts, or they can gather personal data to sell to others.
Public Wi-Fi ¶
The Wi-Fi that people use to connect to the internet at public locations like coffee shops, libraries, and airports often lacks robust security. Using this type of service can leave people vulnerable to those who exploit this weak protection to gain access to others’ networks and the personal information on them.
Online Shopping ¶
When people provide personal information, including credit or debit card details, during online purchases, they are taking a risk that the data could fall into the wrong hands. People might steal an individual’s information using phishing or malware, or they might gain access through public Wi-Fi networks. Cybercriminals also may steal the personal information of hundreds or thousands of people through data breaches at banks or retailers.
Resources: Dangers of Online Data Theft ¶
Following are resources that provide more information about online data theft and its risks:
- Identity Theft Resource Center (ITRC): The 2022 “Trends in Identity Report” from nonprofit organization Identity Theft Resource Center provides data about the number and types of various crimes, including online attacks, that involve identity theft.
- FTC: This federal agency’s “Consumer Sentinel Network Data Book 2022” is a compilation of data about fraud during that year, including theft of personal information online, and the losses incurred as a result of those incidents.
- Statista: This data and business intelligence service offers a variety of statistics about personal information compromises between 2006 and 2023 and the damage they have caused.
- Tech.co: This tech research organization provides a list of large-scale data breaches that occurred in 2022 and 2023, with information about the tactics the cybercriminals employed and the outcomes of the data thefts.
How to Protect Personal Information Online ¶
According to a 2022 report from the World Economic Forum, 95% of cybersecurity issues are the result of human error. So what precautions can people take to safeguard themselves against the mistakes that can lead to the theft of their personal information — and the harm that unauthorized access can cause?
Following are nine internet safety tips to help in protecting personal information online.
1. Use Security Controls ¶
The first step in protecting personal information online concerns what often is the last line of defense: security controls. For everything from work-from-home safety to online shopping protection, the following are among the security measures that individuals can employ to fend off would-be cybercriminals:
- Antivirus software — Helps protect against malware that can allow unauthorized users to gain access to personal information
- Encryption — Scrambles data transmissions for any user who does not have a designated code to access the information
- Two-factor authentication — Requires two or more layers of user verification, including a one-time code
- Virtual private network (VPN) — Safeguards the privacy of data by creating an encrypted link between a device and server
2. Create Strong Passwords ¶
Passwords for devices and accounts should be difficult to guess, avoiding characters that relate to personal information such as birth dates and addresses. These passwords should contain lowercase and uppercase letters as well as numbers and symbols.
3. Recognize Signs of Phishing ¶
People can protect themselves from data theft by casting a wary eye on emails, texts, and other digital messages that could be phishing scams. Any of the following characteristics could be indicators of phishing messages:
- Requests sensitive information: Asks for personal data, including information someone could use to access networks or accounts
- Contains inconsistent addresses or links: Provides hyperlinks or email addresses that differ slightly from those of legitimate organizations
- Includes attachments: Encourages the user to download unrequested attachments, which could contain malware
- Uses poor grammar: Includes obvious writing mistakes that professional organizations would edit before sending
- Conveys a sense of urgency: Features messages that indicate the recipient must take immediate action to avoid some type of threat or take advantage of a reward
4. Perform Regular Updates ¶
Internet users should keep their operating systems and software up to date. Updates often include security patches and enhancements that protect against the latest threats to data safety.
5. Keep Social Media Private ¶
Those who share information and photos on social media should activate the setting that restricts who has access to their posts. This action blocks those who are searching for personal information posted on social media accounts.
6. Remove Old Accounts ¶
Corporate data breaches can compromise people’s personal information, even if they no longer use those accounts. Anyone with unused accounts with retailers, financial institutions, or other organizations that could have personal information should delete them.
7. Protect Internet Browsing ¶
Many internet search engines offer options that allow users to browse privately, without others tracking which sites they visit. In some cases, users can erase their browsing history and searches while they’re online.
8. Explore Data Broker Sites ¶
Data broker sites, such as Intelius and Whitepages, are repositories of individuals’ personal information. They present data culled from online sources such as:
- Public records
- Website and app use
- Social media accounts
To request that these sites remove information, individuals can visit those sites and find the form to opt out. They also may use paid services to request data removal.
9. Protect Other Internet-Connected Devices ¶
Because the items that connect people to the internet go beyond computers and smartphones, people need to be mindful of the broad range of devices that must be protected against information theft. Routers allow access to data on a host of other devices and tools, so establishing a unique password and keeping security up to date for those devices should be a priority.
Resources: How to Protect Personal Information Online ¶
The following articles and guides provide additional details and tips for protecting personal information online:
- “14 Things You Should Never Do When Using Public Wi-Fi” — This Reader’s Digest article lists actions that people using public Wi-Fi should take — and avoid — to protect their personal data.
- “How to Protect Personal Information Online: A Simplified Guide” — This article, from security software company Norton, outlines best practices for online protection.
- “Online Safety Basics” — This National Cybersecurity Alliance article outlines actions that people can take to protect themselves and their loved ones from data theft.
- Protecting Your Privacy Online — This FTC resource offers links to tips for safeguarding personal information, including health data, as well as devices connected to the internet.
What Should a Person Do if Their Personal Information Is Stolen? ¶
What if, despite an individual’s best efforts to protect their personal information online, they suspect that someone has accessed their private data to steal their identity or money?
Individuals who believe their personal information has been stolen have several options as far as what steps to take next and where to report the suspected crime. Following are some resources that describe where to turn and what to do:
- Motley Fool — This article gives step-by-step instructions for what people should do if they believe someone has stolen their identity.
- Consumer Financial Protection Bureau — This federal bureau provides answers to questions about online scams, including what people should do if they believe their personal information has been compromised.
- FBI — People who believe they are victims of online fraud can report the issue to the FBI’s Internet Crime Complaint Center (IC3).
- FTC — This FTC resource lists signs that indicate online messages are scams and links to a site for reporting fraud. The agency also offers a site for reporting fraud involving identity theft.
Take Precautions for Protecting Personal Information Online ¶
With the proliferation of devices that connect to the internet — and their widespread use — everyone needs to learn how to protect personal information online. By keeping in mind what information to safeguard and how to ensure its protection, people can be confident about their privacy as they take advantage of the many services and conveniences available online.