Blog/Expert Analysis/

You need to get in touch with your sensitive (data) side

Nov 14, 2019

Another day, another data breach. First it was Yahoo, then it was Marriott International, and then finally, it was Facebook’s turn to pay the piper. With everyone talking about corporate fines, you might be thinking that only big businesses need to worry about protecting sensitive data. But to prevent your own private details from falling into the wrong hands, you need to be proactive. So let's start by understanding what sensitive information actually is.

What is sensitive data?

Sensitive data is any information that you wouldn’t want to be shared without your consent. For organizations, this includes critical, protected, and confidential files. For private individuals, this mostly concerns sensitive personal information — especially data that can identify you,such as your name, address, or social security number.

To give you a better picture, here are some examples of sensitive data:

  1. Customer information. Some of this is obvious, like your name, home address, username, and password. Some data of this type may at first seem business-related, like payment and order details — but it’s still your information.
  2. Financial information. Anything used for payment processing is considered sensitive data. That’s your credit card or bank account numbers, credit rating, and social security number. This also includes corporate finances and bank transfers.
  3. Employee data. Similar to customer information, businesses must protect the personal data of their staff. This includes employees’ salaries, banking details, company login information, and any credentials they do not wish to disclose.
  4. Trade secrets. Leaks of confidential information can be devastating to businesses. This includes schematics, prototypes, software code, product specifications, and even market research — anything that would be covered by a non-disclosure agreement.
  5. State secrets. As you would expect, classified documents, files with restricted access, and critical government data are considered sensitive.
  6. Personal information. Besides your name and address, this also covers medical records, license plates, phone numbers, private photos, and compromising documents. It is by far the broadest category — and the most likely to affect you.

As you can see, despite the popular myth, sensitive data is not always classified. For instance, your medical records and email address may cause embarrassment or harm if leaked, but they can still be made available to others without your consent for lawful purposes.

How does sensitive data get exposed?

While many situations can result in sensitive data exposure, what really incites media frenzy are mass data breaches. By exploiting vulnerabilities, hackers can infiltrate databases and steal personal information like user account details.

Of course, cybersecurity continues to advance and brute-force hacking is becoming untenable. That’s why criminals rely more and more on human error to break in. Bad habits like weak passwords, limited understanding of social engineering techniques, and poor security practices can give crooks the opening that they need.

But sensitive data exposure isn’t limited to big headlines. Personal details get exposed through scams and incompetence every day — we just don’t hear about it on the news. For example, information on your LinkedIn and Facebook pages can help hackers guess your email’s security question. From there, they can work their way up to your financial details.

Finally, don’t forget that sensitive data includes your personal files and photos. If your computer becomes compromised (for example, by a virus), your private documents may be used to harm you, shame you, or even blackmail you.

What happens when sensitive data is leaked?

Some say that there is no such thing as bad publicity. But nobody wants the kind of attention that data leaks bring.

According to the Ponemon Institute, the average corporate cost of data breaches now clocks in at $3.86 million. That includes investigation expenses, redress to victims, security updates, and the hit to reputation. Companies pass these costs down to customers like you through higher prices and confusing security measures.

For individuals, the results can be more severe — and deeply personal. Data leaks can expose private details, such as medical history or sexual orientation. If criminals get their hands on sensitive personal information, they may use it to commit identity fraud, cleaning out bank accounts before victims are even aware of the breach.

How can I protect my sensitive data?

When people hear of big data breaches, they often feel powerless. Once we share our sensitive information with a big corporation, it’s like it’s out of our hands — we’re at the mercy of its security measures and the criminals’ ingenuity.

Don’t despair. These common-sense tricks will help limit the fallout of any potential exposure of sensitive data:

  • Limit what you share online. No, really — criminals can’t steal what’s not there. Avoid uploading personal things to social media, set your profile to “Private,” and don’t give companies more information than you need to.
  • Learn about social engineering scams. Knowing is half the battle. If you can spot a scammer in the act, you won’t disclose any sensitive information that can be used to harm you. Have a look at our article on social engineering for the most common types of attacks and ways to protect yourself.
  • Develop good password habits. If you don’t use strong, unique passwords for your accounts, a minor data breach can have a disastrous domino effect. The attackers will use information from one account to break into another, ultimately arriving at the most valuable data. We’ve covered password strength and best data protection practices in a separate article.
  • Keep your security software up-to-date. Don’t forget to update your antivirus, VPN app, browser, and operating system. Cybersecurity companies work around the clock to patch vulnerabilities in their products. Daily updates may seem like a hassle, but they keep intruders away from your sensitive personal information.
  • Encrypt your sensitive data. Encryption won’t prevent a leak, but it will stop any criminal from ever accessing the information. File encryption software like NordLocker protects your confidential files, letting you store and share them securely.
Oliver Noble

Oliver Noble

Verified author

A nerd with a laser focus on all things cybersec. His own words. Oliver’s hobbies away from the computer include reading, Netflix, and testing the limits of yet another Raspberry Pi. To our surprise, this 130-pound ‘nerd’ also bakes a killer pumpkin pie.