- Shred-it's latest International Fraud Awareness Week Report reports that 33% of Americans have fallen prey to information fraud or identity theft.
- 41% of those who were the target of online or physical fraud reported that their credit card number had been stolen or used.
- Still, 51% admitted to reusing passwords and PINs across multiple accounts.
From executives to entry-level employees, we all are responsible for securing our personal information. We create strong passwords for our email accounts, establish PINs for various bank accounts and, if we're being particularly careful about preventing unauthorized access to sensitive information, implement two-factor authentication for extra protection.
Or do we?
According to Shred-it's second annual International Fraud Awareness Week Report, nearly half (46%) of Americans polled feel they're vulnerable to information fraud or identity theft – and that could be in large part because they're committing some major information security sins.
"Despite a rise in data breaches this year and heightened concern over identity theft, Americans' security habits are making them more vulnerable than ever to information fraud or identity theft," said Michael Borromeo, vice president of data protection at Stericycle, the parent company of Shred-it. "It's vital that security leaders bring awareness, and stress the importance of protecting customer information, both online and in physical form, not only during this week dedicated to preventing fraud but every day."
According to researchers, the survey polled 1,200 U.S. adults throughout October and sought to understand people's security concerns and habits and gain some higher-level insight on information security and fraud. To that end, participants were asked 21 security-related questions.
What researchers learned, according to the survey, was that Americans care about securing their sensitive data but may not be the best stewards themselves. [Read related article: Cyberattacks and Your Small Business: A Primer for Cybersecurity]
Lax keymasters and shady gatekeepers
To say data breaches and the theft of sensitive data has become commonplace would be an understatement. According to Norton, there were 3,800 publicly disclosed breaches and 4.1 billion exposed data records in the first half of 2019 alone, meaning that this year could set a record for both metrics.
With that many instances occurring in just the first six months, it's easy to understand how 33% of respondents to Shred-it's survey said they had been a victim of information fraud or identity theft. Of those who said they'd fallen prey to breaches, 41% said their credit card number had been stolen or used, and 22% said their information was stolen from physical paper documents like their mail, paper files at work or their W-2. Another 20% said their information was stolen when a company they do business with was hacked.
Still, when faced with the real possibility that they could be the victim of fraud or identity theft, researchers found that respondents often failed to take preventative steps to protect themselves. Sharing login credentials with other people is generally considered a no-no, but 20% of respondents said they did just that for internet, entertainment or TV viewing services with family and friends. Gen Zers were found to be the group most likely to share their login credentials at 36%, while millennials were close behind at 30%. Boomers were found to be the stingiest with their credentials at 11%.
People are so lax when it comes to their login information that 31% of respondents said they could "guess their significant other or close family member's passwords." [Read related article: How to Create a Strong Password]
People distrust brands, but will use them so for convenience
Target, Marriott, Equifax – all three companies had incidents that resulted in the breach of millions of accounts, held by everyday people. These high-profile incidents made headlines and alerted people to the fact that their data may have been compromised.
More than one-third of respondents (34%) said they would stop doing business with or delete their account with a company or brand that suffered a data breach. Furthermore, 41% said they believed that brands do not do enough to safeguard customer data. Researchers also found that 73% of respondents said they would gladly conduct business with a company that offered some sort of cyberinsurance protection.
Still, researchers found that a significant number of Americans do not take adequate steps to protect themselves. According to the survey, 28% of respondents said they changed their passwords or PINs "only sometimes" after a company they regularly work with suffers a data breach, while 9% said they don't update their credentials at all.
Even more problematic from a data security standpoint is that nearly half (43%) of respondents said they still stored credit card data on a company or brand website that's been hit by a data breach in the past. Approximately 35% of people with paper documents containing sensitive information also told researchers that they keep those documents in an unlocked box.
When asked to choose which actions would make them the most vulnerable to a data breach, 41% said online retail purchases would be the riskiest, followed by 21% saying banking online, 20% saying leaving a paper trail for in-person purchases and 8% saying traveling. [Read related article: How to Improve Your Small Business's Cybersecurity in an Hour]