12 places your data may not be safe (and what you can do)

Be proactive—take steps to keep your personal information from being compromised

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Data com­pro­mis­es and the iden­ti­ty-relat­ed crimes that flow from them are now the third cer­tain­ty in life, right behind death and tax­es. That said, there is plen­ty you can do to stay as crime-proof as possible.

Adam Levin, chair­man and co-founder of Credit.com and Cyber­Scout (for­mer­ly IDT911)

Accord­ing to Risk Based Secu­ri­ty, more than 4.2 bil­lion records were com­pro­mised world­wide in 2016 alone. In truth, the total num­ber of com­pro­mised records is unknow­able. Here’s what you do need to know: It is a near cer­tain­ty that most, if not all, of your per­son­al iden­ti­ty port­fo­lio is already “out there.”

How to keep your per­son­al infor­ma­tion safe

Iden­ti­ty theft is a catch-as-catch-can endeav­or. Where there is a will, there is almost always a way. In fact, many, if not most, of us already have been com­pro­mised either by a breach or as a result of obses­sive (and exces­sive) over­ex­po­sure on social media. Enough of our per­son­al­ly iden­ti­fi­able infor­ma­tion (PII) is read­i­ly avail­able on the web to make us easy tar­gets for phish­ing attacks and iden­ti­ty-relat­ed crimes.

Thank­ful­ly, iden­ti­ty theft often is a crime of oppor­tu­ni­ty. All that vul­ner­a­ble infor­ma­tion still needs to be accessed, which may require more effort than your aver­age iden­ti­ty thief is will­ing to expend. This is why it’s impor­tant to keep your data safe from those oppor­tunis­tic hands.

Here’s what you need to bear in mind at every turn: It’s like­ly that you’re going to “get got” with PII that hasn’t been com­pro­mised … yet.

Where to check your PII

To min­i­mize your expo­sure to iden­ti­ty thieves, you’ll want to eval­u­ate places that may not be mak­ing the secu­ri­ty of your PII a pri­or­i­ty. Here are 12 places that may not be keep­ing your per­son­al data safe.

  1. Small busi­ness­es: Mom-and-pop shop own­ers have a lot on their plates, and man­ag­ing your per­son­al data isn’t nec­es­sar­i­ly on the front burn­er. Whether it’s the com­pa­ny that fills your oil tanks, a lawn ser­vice, or a local store where you have a tab, ask how they store your infor­ma­tion. If they give you a vague answer, ask them to erase what­ev­er they have—and watch them do it, if possible.
    2. Children’s sports leagues: Children’s sports leagues need basic infor­ma­tion to enroll your child, includ­ing med­ical con­tacts, names, address­es, emer­gency con­tact infor­ma­tion, and oth­er data points that can be used in iden­ti­ty-relat­ed crime. If you get a vague answer about data stor­age, ask them to erase what­ev­er they have.
    3. Doc­tors and den­tists: You ever see those col­or-cod­ed files stick­ing out of open met­al cab­i­nets at a med­ical provider’s office? They con­tain all the infor­ma­tion need­ed to steal your health care ser­vices, com­pro­mise your finan­cial accounts, or file fake tax returns and divert your refunds. If you see some­thing, say some­thing. Either way, ask your med­ical pro­fes­sion­als how they store your records and request that they be stored securely.
    4. Vet­eri­nar­i­ans: You might not think that your vet’s office could be a point of vul­ner­a­bil­i­ty. Worse yet, the pos­si­bil­i­ty of data com­pro­mise may not have occurred to your vet, either. Ask how they store your data. Chances are good they will improve their meth­ods once they under­stand the imme­di­ate con­se­quence of lost busi­ness for fail­ing to do so. If they don’t respond, ask for your file and vamoose.
    5. Gyms and fit­ness clubs: Increas­ing­ly, fit­ness clubs are on the ball when it comes to data secu­ri­ty, but you’ll still want to ask how they store your infor­ma­tion. If they don’t have a sat­is­fac­to­ry answer, you may want to con­sid­er look­ing for a dif­fer­ent gym.
    6. Edu­ca­tion­al insti­tu­tions: Many peo­ple con­tribute to the care and edu­ca­tion of our chil­dren. Unfor­tu­nate­ly, not all of them are edu­cat­ed in the ways of cyber hygiene, which is why it mat­ters how your child’s infor­ma­tion is stored by these insti­tu­tions. Always ask about it, and request that your child’s infor­ma­tion be stored secure­ly. Once it no longer makes sense for a par­tic­u­lar insti­tu­tion to have per­son­al infor­ma­tion about your chil­dren, ask that they delete their records.
    7. Accoun­tants: While big­ger account­ing firms are lia­bil­i­ty-mind­ed, small­er firms and one-per­son oper­a­tions may not be as up to date on cyber­se­cu­ri­ty best prac­tices. In addi­tion to hav­ing hard copies of your files, which con­tain extreme­ly sen­si­tive per­son­al data, your accoun­tant has to send elec­tron­ic files to the IRS and oth­er state agen­cies that col­lect your tax­es. Make sure they are using secure net­works and store your files secure­ly. If they don’t, it’s in your best inter­est to look for a more secure accountant.
    8. Lawyers: If you’re wor­ried about the amount of sen­si­tive data resid­ing with your accoun­tant, take a moment to reflect upon the sort of per­son­al infor­ma­tion that resides with your attor­ney. It’s OK to have a direct con­ver­sa­tion about their data secu­ri­ty prac­tices. If there is any push­back, take your busi­ness (and your data) elsewhere.
    9. Real estate agents: While they may not have a lot of your PII, real estate agents have enough for a thief to get a foothold into your mine­able cred­it. If your agent gives you a vague answer about how they han­dle sen­si­tive infor­ma­tion, don’t give them any—or lim­it what you share to the bare min­i­mum required.
    10. Car deal­er­ships: Car deal­er­ships are focused orga­ni­za­tions. While their employ­ees know a great deal about clos­ing deals, they may not know how to close the gates to ID thieves—and because they offer cred­it, they are in pos­ses­sion of the skele­ton key to all your finances: your Social Secu­ri­ty num­ber. Make sure it’s safe. You’ll want to check with any oth­er retail­ers that offer cred­it as well, since they also will have access to your SSN.
    11. Trav­el agen­cies: In order for trav­el agents to do their job, they like­ly need your name, address, date of birth, con­tact info, emer­gency con­tact infor­ma­tion, license or pass­port num­ber, and cred­it or deb­it card num­ber. You need to know how long they will keep it and how they will store it. If you are not sat­is­fied with their expla­na­tion, cruise on over to some­one else.
    12. Home: Your domi­cile is an El Dora­do of per­son­al infor­ma­tion, and you need to be able to pro­tect those rich­es. Store all of your most-sen­si­tive doc­u­ments in a secure, fire­proof loca­tion. Bet­ter yet, scan and store them in an encrypt­ed, pass­word-pro­tect­ed thumb drive.

Nev­er for­get, the ulti­mate guardian of the con­sumer is the con­sumer. No one cares more about the pro­tec­tion of your per­son­al­ly iden­ti­fi­able infor­ma­tion and your finan­cial secu­ri­ty than you do.

Full dis­clo­sure: Cyber­Scout spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to Credit.com and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.


More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?