In H.G. Wells’ famous science fiction novel “The Invisible Man,” a scientist learns how to make himself invisible and starts a “reign of terror” in England, committing acts of violence and crime.
Since then, “invisible” crime has become a popular theme in the horror genre. But it’s not entirely fictional. Americans today are facing our own “invisible man” – a very real but hidden threat to our safety and privacy.
As we’ve been fighting the invisible threat of the coronavirus, another major danger has fallen off the front pages – the hundreds of thousands of criminals who are ramping up efforts to steal our identities, our money, our medical records, and more. At the same time, we’re also facing the threat of “legal theft” – tech giants and third-party advertisers who use our data without our permission, increasing the possibility that this data falls into the wrong hands.
The global cost of online crime is expected to reach $6 trillion by 2021, according to Cyber Defense Magazine. This number seems astronomical, but not when you consider that Facebook accounts are hacked 600,000 times a day; 85% of all attachments emailed daily are harmful for their intended recipients, and one in four Americans have already experienced cybercrime.
Then there’s the rise in cybercrime during the pandemic. A congressional hearing this summer found that cybercrime is up 75% during COVID-19. Adding to this threat is the fact that users are three times more likely to click on pandemic-related phishing scams.
Behind these threats is the lack of data privacy online – and our own perceptions that we can’t control our own data or what is done with it. Whenever we enter our personal information online – whether it’s creating an account on a retail site, signing up for telehealth services, or posting on social media – the privacy of that data and our identities is at risk.
One customer of IDX did a quick online search and found that most of her personal information was available on the internet and that one website even had the last four of her social security number. Even when they removed her from their site, Google was still displaying the search result with her social security number.
Sometimes our data is stolen because of a direct action we’ve taken – like a hacker finding out our address through Facebook marketplace conversations, or because we click accidentally on a malicious link in an email. But the reality is that we also can’t trust the companies we intentionally give our information to. They are just as much the victims of cybercrime as any individual.
Opponents to stricter data privacy rules are trying to protect a system in which data can be used for good – to recommend products while we shop, for example, or to enable us to share our medical records between doctors. The problem is that it is becoming increasingly clear that sophisticated hackers can access even the most “well-protected” data, and can breach companies with the best of intentions.
It’s disheartening to see how cheaply our data is sold online. The Wall Street Journal reported that just $3 can buy a Social Security number, and $100 can buy an entire set of personal data. Bank account credentials with a balance of $15,000 can cost only $500. What this means is that criminals must steal and sell a lot of data to make a significant amount of money.
So, what do we do about this? Legislation can be effective, but two-thirds of Americans understand little (or nothing) about current data privacy laws and regulations Americans must take their data privacy into their own hands as well. Here are three tips:
1. When setting up new accounts, use unique passwords for each new account, and try not to use the same email address for all accounts.
2. Customize your privacy settings on a site when you are setting up a new account.
3. Use a Virtual Private Network (VPN) to secure your connection and avoid public Wi-Fi networks for any online behavior that involves personal information.
We should be vigilant about our online behavior the same way we are vigilant about our behavior when we are out of the house during COVID-19. In both cases, the threats are very real, and very invisible. We don’t know when we are exposed. But we’re not helpless in protecting ourselves. Small, consistent, smart decisions can have a big impact in the long run.
Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of identity protection and privacy services such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.