How to protect personal data from leakage

Apply for SearchInform DLP TRY NOW

The risk of leakage of personal data is any type of device users. In 2011, the personal data of 40 million US residents - customers of the popular Target retail chain - were stolen. In 2017, unknown persons attacked servers with user accounts of Sony game consoles. As a result of the "network robbery" more than 100 thousand user accounts were affected. Timely data protection measures will help prevent massive hacker attacks or leaks that are not controlled by the developers of programs and services. The security strategy, which includes the protection of personal data, depends on what information resources the data owner uses.

Email addresses

Unauthorized access to email is the main cause of personal data leakage. To obtain data, an attacker only needs to send a malicious script, for example, in the form of an active link. The user just clicks on the link and the malicious program, using the API functions of the mail client, will receive the login and password from the mailbox. Attackers also practice other hacking options: guessing a password, gaining access to a phone number, attacks on site servers.

The minimum protection measures available to everyone include a choice of reliable mail servers with a free account: Gmail, Yahoo, Outlook, Yandex. Additional protection on resources is provided by:

  • Two-factor authentication. In addition to the username and password to enter the account, you need to enter a digital code, which is sent to the "linked" phone number.
  • Registration of an additional postal address. This will help you regain control of your mail. To restore the account, a different email address is used, which the user specifies during registration.
  • Controlling IP addresses. The settings specify the trusted IP addresses from which the user plans to log into the account, and access from other addresses is blocked.

An absolutely hacking-resistant system has not yet been invented, so the possibility of data loss due to the developer's fault cannot be completely ruled out. It is better not to store work letters, information about registrations and purchases, personal correspondence in one box. From the point of view of the security of personal data, it is advisable to hang several boxes. This will help avoid losing all data at once.

Bank cards

Neither the reputation of the bank nor the size of the bank account can fully protect against theft of bank card data. The main rule for cardholders is never, under any circumstances, to disclose all card details. To steal money from an account, a fraudster needs to know the number, the code on the back of the "plastic" and the card expiration date at the same time. Whereas to transfer money to an account, for example, only the card number is enough.

Simple tips for protecting bank accounts:

  • Use disposable card numbers. The essence of the service is to generate a new credit or debit card number in Internet banking. Even if the card is stolen, the number will be invalid.
  • Set a limit on purchases. It is best to indicate a small amount and change the limit at the time of purchase through Internet banking. The option allows you to limit spending per day, month, year and online purchases in general.

To prevent data leakage, contactless payment technologies are used: payWave, PayPass, downloading bank card data to smartphones with an NFC chip. An attacker will not see the PIN, which is usually entered when making purchases.

Personal computer and smartphone data protection

The risk of leakage of users' personal data stored on computers, smartphones and other gadgets remains consistently high. You can lose your mobile phone, and your PC can be hacked over the Internet.

The first rule of security is not to leave devices unattended in a crowded area or connect to unverified public Wi-Fi hotspots, otherwise anyone on the network can easily access the file system.

To protect your smartphone from unauthorized access will help: digital password (the main thing is not to use standard combinations "1111", "0000", "1234" and so on); pattern and biometrics scanning (fingerprint, retina, face, owner's voice).

You should not download programs from unreliable sources, most often such software contains malicious code that provokes personal data leakage.

Accounts on sites

The basic rule of account protection is never to use the same login-password pair for all resources. Otherwise, a hacker only needs to hack email to gain access to all pages.

It is better to combine symbols, uppercase and lowercase letters, numbers in passwords. The minimum recommended password length is eight characters. Additional protection measures are to use different logins and bind a personal phone number to the pages. It is important that the login does not exactly repeat the email address. When an account is hacked, you need to immediately block the profile and write to the resource administrators.

Social networks

Hacking a page on a social network is the main reason for leakage of personal correspondence and personal data. In no case should you add scans of passports, bank cards and any other personal files to public and private sections.

Signs of a hacked social media page:

  • Spam is sent from the victim's account; the Sent Items section displays messages that the user has not sent.
  • Unfamiliar users appear in friends, there is a subscription to unknown communities and groups. This indicates that the account was hacked in order to cheat. Even if the hacker does not pay attention to the fact of personal data leakage, he will receive it at any time, since he uses the page.
  • When you try to log in, a message appears that the account is blocked. This means that the built-in site protection system detected suspicious activity and blocked access to the page. The page owner needs to contact support to verify their identity and restore their account.

To protect information, you need to come up with complex passwords and "tie" a phone number to the page. You cannot store login data on e-mail, in a smartphone; log into accounts from other people's computers in case of emergency. If you cannot do without the latter, it is better to use anonymous browser mode.

Online stores

In online stores, users pay with credit cards. When making purchases, it is important to ensure that a reliable system for conducting transactions opens in the browser - the services LiqPay, Yandex, Privat, Sberbank and others.

The connection to the resource must be protected, otherwise an attacker can integrate into the connection with the bank and intercept the data. A sign of fraud is the offer to leave the card number, password, expiration date and CVV code in a plain text field.

It is not recommended to bind the data of payment cards and electronic wallets to the shopping cart in the online store. If the account gets hacked, the cracker can easily conduct transactions. All other things being equal, it is worth using the services of stores, which, before sending the goods, call back to customers to clarify the order and delivery address.

Software protection

Identity theft is also performed through installed applications, so you should never download games, programs and utilities from pirated resources. Better to search all apps on developer sites. In any case, it is recommended to scan the file with an antivirus before installing. If malicious elements are detected, the file must be deleted from the system without opening it.

Spyware, installed without the user's knowledge, monitors activity in real time and creates conditions for personal data leakage. The penetration of malicious software is indicated by advertising banners that appear on the desktop and in the notification field.

Tips for protecting personal data from malware:

  • Install only official software versions.
  • Regularly check running processes in the task manager. If the list contains an unknown program or a program that is currently disabled, it is better to stop the process and scan the software.
  • Regularly install OS updates on your mobile phone and personal computer. Developers are constantly improving software protection systems by eliminating security vulnerabilities.

Home network protection

A wireless Wi-Fi hotspot can be the target of an attack to steal personal information. Through the home network, hackers gain access to all devices that are connected to the router.

To protect personal data you need:

  • Select a data encryption system in the router settings.
  • Set a strong password to connect to the Network.
  • If possible, position the access point so that it is inaccessible outside the home.

For safe surfing on the Internet, it is better to use firewalls, or firewalls, which monitor suspicious activity in real time. Desktop operating systems have firewalls built in by default.

Working with cloud services

First of all, it is recommended to choose reliable services for storing files: OneDrive,, Yandex, DropBox. Additionally, data in the cloud will be protected by:

  • Two-factor authentication.
  • Installing official cloud storage client applications on a smartphone. Unofficial software is the main cause of confidential information leakage.
  • Using programs to encrypt page content. Special utilities encrypt data before sending it to the server, so if the user does not have an encryption program, the files will not open and will be useless for fraudsters.


Reliable comprehensive protection of personal data is based on a step-by-step protection strategy at all levels from smartphone to social media accounts.