Sharing Personal Information: When Is It Worth the Risk of a Cybersecurity Breach?

By Dr. Kenneth L. Williams, CISSP
Program Director, Cybersecurity, at American Military University

We are all confused by the bombardment of daily news informing us of cyber breaches that involve our personal information. Our anxiety level is constantly on “hyperdrive” as we worry about the impact on ourselves and our loved ones.

We recently went into hyperdrive anxiety again when the Equifax data breach was announced in September and we learned that hackers had accessed the Equifax credit files of some 143 million people. Most likely, everyone we know was involved in some form or other in the breach.

Recently, Yahoo – now rebranded as Oath and part of telecommunications giant Verizon – updated its assessment of the effects of its own data breach in 2013. The number of breached accounts went from 1 billion to “all Yahoo user accounts.”

Cybersecurity Breaches Are Sometimes Overlooked Due to Other World News Events

Events such as these cybersecurity breaches are often overlooked because news such as the mass shooting in Las Vegas last Sunday also compete for our time and challenge our anxiety. Along with these events, our lives are also challenged by personal and work demands.

We make daily decisions without full knowledge of their impact on us or others. Those decisions include providing personally identifying information. For example, we may give out our telephone number to a store clerk or enter our driver’s license number on a loan application email.

How Do We Survive without Honoring Requests for Personal Information?

Making decisions about whether or not to give out our personal ID information is a part of modern life. The answers are never easy because each individual circumstance is unique with its own advantage or disadvantage. You are your own best judge concerning the release of your information and nothing compels you to give it out to everyone who requests it.

Of course, many people would argue that without exchanging information via the Internet, we would cease to function. It could also be argued that the structure of our societal rules compels us to share/provide our information, even against our better judgment.

The FTC Offers Several Tips to Protect Your Data

If you accept this truth, there are a few options can that can protect your information against a possible data breach. Most of the tips come from the U.S. Federal Trade Commission, which is often viewed as the federal agency that protects America’s consumers.

1. Contact Equifax or Yahoo to inquire if your information was involved in their breaches. Be patient as you wait for a response because that information could change at a future date. As it relates to Equifax, the FTC advises you to enter your information at Equifax’s cybersecurity breach site to verify whether or not your data was affected.
2. Start monitoring your personal information through the three major credit reporting agencies: Equifax, Experian and TransUnion. Additionally, all consumers within the U.S. are allowed a free credit report annually from each of these three credit reporting agencies. Whether or not your information was exposed through the Equifax data breach, you can receive up to three years of free credit monitoring by signing up through Equifax’s cybersecurity breach site by November 21, 2017.
3. Follow your own instincts regarding the threat of your personal information being compromised; a breach might have a major effect on you or none at all. You must decide what actions to take; your decision to give out your personal information is one that you must live with, especially if it helps to reduce your anxiety.

About the Author

Kenneth Williams, Ph.D., is the program director of cybersecurity at American Military University. He holds a doctoral degree in cybersecurity and a master’s degree in information security/assurance from Capella University.

In addition, Kenneth is a Certified Information Systems Security Professional (CISSP) and holds Security+ and CompTIA certifications. In the past, he has also held positions such as President/Chief Information Officer for Thelka Professional Associates; Adjunct Professor for Northern Virginia Community College, DeVry University and Sullivan University; IT Specialist/Cybersecurity Compliance Auditor for the U.S. Army Inspector General; Information System Security/VOIP Engineer and Contract Lead for the U.S. Army’s CECOM; and Information System Security Engineer and Technical Manager/Chief Information Officer for Onyma, Inc. He is an Army veteran with over 14 years of service.