Today, many Canadians are hosting the majority of their lives online—from posting images of their vacations, families and day-to-day activities on social media, to supplying multiple websites with personal information in the form of account security answers, to creating profiles with financial institutions and government websites containing highly-confidential and sensitive information.
The amount of personal information that is available online is alarming. It poses the question: do consumers truly have a strong level of trust with the institutions and online platforms they are continuously dealing with? Or, are they simply more concerned with getting things done quicker online than they are with getting things done safely and securely?
In my opinion, and based on consumer trends that we’ve analyzed over the years, the answer to the above question more often than not falls into the “get things done quick” category. Consumers are accessing hundreds of online platforms, yet they usually only use one to five passwords. Further, they are often willing to share heaps of information online without understanding the full risk.
With major data breaches targeting consumers across the globe quite regularly, we need to shift consumers’ mindsets to stop thinking data breaches are harmless, to understanding the real capabilities that crooks have when it comes to sharing our information.
How valuable is our online identity?
Managing our digital identity online is one of the best opportunities of this digital generation.
With today’s digital age making it increasingly easier for crooks to steal our entire identity, it’s time to stop and think, how valuable is our identity? Whether you value your identity at $1 or $1 billion, the short answer is simple, it is without a doubt the single most valuable asset we own. If it’s stolen, we have nothing, while hackers have the ability to take everything.
In fact, according to a report by McAfee, the cost of stolen credit card data on the dark web is roughly $13-$21, and a stolen electronic medical record can cost up to $350. In the grand scheme of things, these numbers are quite low. Good for the consumer? Maybe, but the scary reality with these numbers is that fraudsters have the ability to access more stolen consumer information for a low cost. Not only this, but crooks are becoming so sophisticated in their attacks that stealing consumers’ data is second nature.
The cost of financial loss
Fraud affects everyone and the financial loss that Canadians incur annually is rapidly increasing.
According to the Canadian Competition Bureau, from January 2014 to December 2016, it is estimated that Canadians lost over $290 million to fraudsters, with online scams accounting for more then $40 million in losses in 2016 alone. And while that may seem like massive financial loss, it’s estimated that only 5 per cent of fraud actually gets reported to authorities.
As cited by the same report, the reasons fraud often goes unreported is due to a number of factors, with the most significant reason consumers stay quiet being stigma—either from being embarrassed or avoiding the hassle of reclaiming a small amount of money—while businesses often refrain from reporting a breach as there is no obligation to do so under the current federal legislation. This means that in many cases, consumers are not even aware that their personal information has been accessed and/or compromised.
With parts of the new Digital Privacy Act being put into effect in Canada later this year, requiring organizations to disclose data breaches and any “real risk of significant harm” to users, it’s important that both consumers and organizations begin to recognize the risks associated with hosting heaps of personal information online.
Placing the onus on the consumer
This all boils down to one conclusion: the reality is that consumers and organizations alike need to place more value on digital identity. It’s time to re-evaluate where our personal information is being stored and how easily accessible it is.
Let’s bring this back to the question posed earlier—are consumers trusting their organizations to keep their information safe, or are they simply more concerned with getting things done quicker online? In reality, neither of these “solutions” are foolproof. Instead, consumers need to take more proactive and precautionary steps before sharing personal and—if put in the wrong hands—potentially toxic information online.
How can we prevent hackers from stealing our identity?
- Manage passwords – don’t use one password for multiple online platforms, and ensure different, more secure passwords are used for websites holding sensitive data (e.g. financial institutions).
- Only provide sensitive personal information to websites that are trusted and vital you have access to.
- Do research. Do the websites holding this data have cyber insurance? Are the companies invested in their cybersecurity and protecting against breaches? Before providing any sensitive data online, the answer to both of these questions should be yes.
- Be cautious with what is shared on social media. Don’t share any information that could be used to guess passwords or security questions.
- Monitor financial accounts. Check regularly for suspicious activity and notify the corresponding financial institution and/or the company suspected of potential fraud immediately.
While it will take some time before this is a perfect science, and before we can completely ward off the bad guys, being cautious and thinking about our data before sharing it will ultimately lead to a more secure digital future.
Andre Boysen is the Chief Identity Officer of SecureKey Technologies.