Cyber security tips
Woman logging on to a personal device with a pin

Safeguarding your identity – how to protect yourself against identity theft

Identity theft is when someone steals your identity by using your personally identifiable information with the intent to commit fraud or other crimes. Fraud carried out with your stolen identity can have long lasting and major impacts on your life and personal finances. By implementing good identity management practices online and securing your information offline, you can help protect yourself from identity theft.

What is identity management?

Identity management is the control of digital identities, through good cyber security practices that protect your personally identifiable information.

By applying user authentication, access permissions and data security measures, accessing data or information within a system or organisation can be limited to only authorised users.

What is personally identifiable information?

Personally identifiable information, or PII, is any data that helps to identify or locate a person. It can include everyday information that is unique to you, such as your full name, date of birth, your parents’ names, home address, phone number or bank account and credit card details.

Evidence of identity documents also form part of your PII (passport, drivers licence, birth certificate, marriage certificate etc.). It can also include individual government referencing, such as a Centrelink Customer Reference Number (CRN) in Australia, or a National Insurance Number (NIN) in the UK.

Where is my personally identifiable information stored?

In addition to the expected places your PII would be stored (banking and finance institutions, government agencies and healthcare providers), several other online activities also require a level of disclosure of personal information. These might include:

  • Shopping – Buying things online will require the details of the consumer to deliver purchased goods.
  • Newsletter subscriptions – Signing up to a mailing list will normally require a name and email address at minimum, but may capture other details like your gender, age, or social media.
  • Social networks and gaming – Social/virtual worlds and online games normally require registration that captures your information to create an account for access.
Ways your identity can be stolen

Your PII can be stolen in many ways:

  • Through email or text message phishing, a victim can be tricked into clicking on a link to a fake interface for a service they use and entering their account credentials or personal information.
  • The databases of a company or service might be compromised with unauthorised access.
  • Viruses designed to capture personal information can be sent via email or included with other downloadable files or software.
  • A thief may call a potential victim posing as a representative of a bank, charity, service provider or government agency. They then verbally request information to “verify” the victim’s identity and collect their information.
  • Physically, a thief could gain access to your wallet and ID, or intercept mail that could include documents that can be used as identity proof, such as utility bills or bank statements.
How can I protect myself against identity theft?

Exercise good healthy identity management practices in your workplace and personal life, both online and offline. Always be cautious about who you give your information to. For any request for your personal information, always ask yourself if there is a legitimate reason to hand it over.

Additionally, the following practical measures will help keep your personal information secure, and help protect you from identity theft:

  • Be wary of unsolicited calls or emails requesting information or offering deals that seem too good to be true. Especially if there’s any urgency to comply! Verify any requests by contacting the service on their website published phone number.
  • Enable multi-factor authentication on your online accounts and use long, strong, and unique passwords and passphrases.
  • Stay aware of what information you share via email and through social media. Regularly review your default privacy settings for sharing posts and images.
  • Only use trusted devices and secure connections to access your accounts. Refrain from logging in to any of your accounts or signing up to services using public access or shared computers. If you must use an unfamiliar wifi, use a VPN.
  • Always check permissions sought by downloaded apps and software before installing them on your devices.
  • Store your personal documents in a secure place. If you have excess physical personal information stored, shred it before disposal.
  • When using an ATM, double check the machine for suspicious, extra fixtures and cover your pin entry with your hand. Regularly review your account transactions for unusual activity and immediately report any suspicious transactions.

Remaining conscious all activity involving your PII will go a long way to protecting your identity. To learn more about identity management for your organisation, reach out to our team of cyber specialists.