Our newly appointed CISO, Nadine Hoogerwerf, gives her perspective on taking care with personal data...
If you want to take proper care of people (your patients, clients or civilians), then you had better take care of their data and make sure it is not used against them. Cyber crimes are very real, and a big part of those crimes is made possible by the use of personal data. For example, phishing emails and scams rely heavily on personal data. That is why hackers and other criminals are actively looking for these datasets.
Email addresses and phone numbers are the perfect information for setting up a phishing campaign or big scamming attempts. They offer a point of contact. But other personal data can be used as well.
The more information the hacker has on the individual they want to mislead, the more likely they are to be successful. Personal or even private information about the victim will make the phishing email more trustworthy. This could be information such as the school the individual attends, the municipality they live in or their energy supplier. If the phishing email is coming from the actual school the individual went to and maybe even includes the correct graduation year, this increases the trust the individual has in the email. Chances are, they will think “if they know this about me, they must be real”.
A real sense of urgency will also increase the likelihood of an individual falling for a phishing scam. If a hacker can get their hands on recent and sensitive personal data, a phishing attack can be very persuasive. Simply put, the more information within their grasp, the more they can fine-tune and customize the phishing email.
And phishing attacks are becoming increasingly intelligent. Imagine receiving an email regarding a new treatment for an illness you suffer from, seemingly sent by your own hospital or doctor.
Or what about an annual invoice from your energy supplier that includes the correct home address and contract number?
The risks are even higher with a structured dataset that includes personal data of multiple people. This can be more easily used by hackers to create automated phishing attacks or scams, increasing the scale of their attack and increasing the odds that someone will fall for it.
Being phished or scammed hurts
The impact on the victim of a successful phishing attack or scam can be enormous. It usually causes a lot of stress and anxiety. Their sense of security is shaken and people often feel embarrassed about it. No matter how sophisticated the attack, people often feel ashamed for being tricked and may even doubt their own judgment.
In addition to the emotional impact, there is often a financial impact. For example, many individuals unfortunately have their savings stolen or their crypto account emptied, a loss that may be impossible to recover from.
Do you feel accountable?
Although it is of course the hackers who are truly to blame for the repercussions of their attacks, a successful phishing email or scam depends on having personal information about its victims. It is up to the organizations that collect and process personal data to ensure this information is secure and does not end up in unintended hands. You don’t want to be that organization that ‘lost’ personal data that is later used to commit cyber crime and cause distress and pain.
Keeping personal information secure and under your control should be a core business objective of any organization. Progressive IT leaders and data protection experts understand this responsibility and will enable their organizations to process personal data securely.
At Zivver, we help organizations strengthen their email security through smart technology designed to prevent common breaches such as those caused by human error.