Personal Identifiable Information (PII)

Personally identifiable information, or PII, is any type of information that can reveal who you are. This includes your full name, social security number, bank account number, email address, and phone number.

If someone can access this information, they can figure out your identity. For example, your social security number is unique, like your name and contact details. It's important to keep this information safe because if it falls into the wrong hands, someone could misuse it to pretend to be you or access your accounts.

Personal identifiable information comes in two forms, which includes:

• Sensitive Personal Identifiable Information

Sensitive PII refers to information that could lead to serious issues if it falls into the wrong hands.. This might mean losing money, stealing your identity, or facing other major issues. Examples of sensitive PII are: 

- Your social security number

- Bank account numbers

- Credit card details

- Health records

- Biometric data (like fingerprints or facial recognition data)

• Non-Sensitive Personal Identifiable Information

Non-sensitive PII includes information that can identify you but is generally less harmful if someone else gets it. This type of information includes:

- Names

- Addresses

- Email addresses

- Phone numbers

Even though sharing this information might not lead to immediate serious problems, it can still be risky. For example, someone could use it to trick you into giving away more sensitive information through phishing attacks or social engineering. So, it's still important to be careful with this information to prevent misuse.

Personal identifiable information can have serious consequences for both Individuals and businesses. For individuals, it can cause financial loss, identity theft, and privacy invasion. For businesses, poor security can result in losing customer trust, facing legal issues, and suffering financial losses. 

Organizations like businesses, hospitals and schools must keep this personal information secure to protect people's privacy. If there's a security breach and this information is exposed, it can cause long-term problems for individuals and their families.

Cybercriminals use tricks like phishing scams to steal personal information by pretending to be someone you trust. To prevent this, businesses should protect personal information by checking for stolen data that might be sold or shared illegally, training their staff, and promoting safe online practices to prevent unauthorized access and misuse of data.

Businesses have a moral responsibility to protect people's privacy and personal information. As online crime increases, it’s becoming harder for companies to keep this information safe. However, there are steps businesses can take to reduce the risk to their customers.

Regular Security Training      

Businesses should prevent data breaches by teaching staff data privacy, and how to be safe and responsible online. It's important to train employees to raise awareness If anyone notices something suspicious, they should report it to the IT department right away. 

Data Encryption      

To keep sensitive information safe, businesses must make sure it is encrypted both when it’s being sent and when it’s stored. This helps prevent anyone from accessing it without permission.

Regular Security Audit

As an organization, you should regularly conduct security audits and risk assessments to identify and address any vulnerabilities. Additionally, ensure that anti-malware programs are installed on both individual computers and servers within your network to protect against threats.

Collaborate with Cybersecurity Companies 

If you don’t have a security response team to handle security incidents when they occur, you can collaborate with other verified agencies to ensure you receive expert assistance and effective solutions for addressing and resolving these issues.

Protect Sensitive Documents with Passwords 

If you like keeping sensitive documents or information on your notepad or devices to help you remember them, it's important to set a password to protect that information from others.

Delete Sensitive information from Message Inbox

Do not share passwords or other sensitive information in your social media messages. If you need to use them, make sure to delete the messages afterward. Hackers who gain access to your accounts may have access to this information and cause more harm or steal from you.

Avoid Using Public Information for Security Questions

One common mistake people make is using information that is publicly available as their security question. Avoid using details that are easily found on your social media pages, work documents, or resume as your security question, because attackers can easily find this information and use it against you.

Client-side vulnerabilities and web page protection in JavaScript go hand-in-hand when the concern is client-side security. JavaScript security threats and risks are a real concern. Moreover, JavaScript may represent a security vulnerability for businesses when the source code is provided by third-party providers, for example.

• First-Party JavaScript - The code an organization generates may have been secure when written. However, the code may have been tampered with after it went into production or reverse-engineered by malicious actors.

• Third-Party JavaScript - JavaScript code originating from third-party sources poses a significant risk because it has all the same privileges as first-party JavaScript code. Since there are no default security settings for third-party JavaScript, the organization that operates the website or app pulling in that code is responsible for enforcing security and continuous monitoring.

• Use of Forms and Secure Form Data - More than 90% of websites use forms to collect users’ personal information. Therefore, businesses must be committed to preventing breaches. On average, the personal information collected has a high level of exposure, involving more than 15 third-party domains, which increases the risk of unauthorized access to data and script misbehaviors.

Why do businesses need client-side security?

Client-side attacks have increased in cost and scale as companies expand their investments in the end-user digital experience. From Jscramblers’ experience, we give three fundamentals to start improvising the client-side security of your applications:

• Identify all third-party JavaScripts running on your web applications and website;

• Understand what these third-party JavaScripts are doing and why;

• Define which scripts are allowed to access data in forms on payment pages and block those that should not.

Web applications typically load 20 or more third-party scripts as part of the digital user experience. By not developing a client-side security strategy and approach, security teams allow third-party code libraries to run amok on their servers.

The relevance of third-party scripts for users’ digital experience creates a JavaScript supply chain, and the lack of client-side security measures generates potential vulnerabilities to a software supply chain implemented almost in real-time on users’ devices. That said:

• For businesses that accept online payments, users’ browsers may be facing a silent war.

• Website forms are open windows for data breaches.

• It is urgent to control third-party script behaviors on the client side, including tracking pixels and chatbots.