Protecting Your Personally Identifiable Information (PII) from Cybercriminals
Author: Jeremy Harlan, Security Helpdesk Tier 2 Support Specialist, NetGain Technologies
Online information is as valuable as gold—and cybercriminals know it. There’s an entire underground market dedicated to trading, buying, and selling stolen or scraped data. That’s why making thoughtful choices about your online presence is crucial—not just for protecting your personal data, but also for protecting your online reputation, and even your physical safety.
As a cybersecurity analyst, I’ve witnessed just how easy it can be for bad actors to piece together a detailed profile of someone with a bit of research and time. This information (your personal data) is often used to plan phishing attacks or employ social engineering tactics to impersonate individuals, gaining access to networks, online accounts, and even banking information.
So, you might be wondering: how can you protect yourself? Start by making a list of all the social media platforms you use – Facebook, Instagram, X, LinkedIn, etc.
Here are my top 3 tips for reviewing your social media platforms.
- Set your profile to private. I highly recommend setting your profile to private. If you’re opposed to that and prefer not to go completely private, most platforms allow you to customize your settings so only trusted friends and family can see your posts.
- Protect your personally identifiable information (PII). This can include your location, phone number, email address, workplace, birthday, etc. Unless you’re a public figure (topic for another time), personal data should remain private.
- Clean up old social posts. Many people overlook that their past social posts or tags from friends on public profiles might still be visible. Take a moment to un-tag yourself from anything you don’t want to be associated with and review your privacy settings.
Another huge source of cybersecurity risk is the features within social media. For instance, the check-in feature might seem harmless, but from a cybersecurity perspective, it’s a goldmine of information. Check-in allows anyone to track where you go, the events you attend, and even your favorite places to eat. This data can be exploited! Do you remember the 2024 Ticketmaster incident? Cybercriminals used information people casually shared about events they were attending to create highly convincing phishing scams. It’s a reminder that even innocent features like check-ins can become tools for bad actors if we’re not careful.
Sharing photos of events, yourself, or your family is perfectly fine, but take an extra step before posting. Many people don’t realize that photos often contain metadata. What is metadata? Metadata on social media is the hidden information about a post, image, or video that explains things like who made it, when and where it was made, and how people are interacting with it.
That’s right, you read it correctly. The images that you post on social media can include your geographic location!
Fortunately, most modern smartphones allow you to turn off location tagging for photos. Why is this important? If metadata isn’t removed, cybercriminals can easily extract your location, posing a physical safety risk.
By now, you might be noticing a trend: protecting your online presence is all about limiting the information bad actors can use to build a profile of your behavior.
Are we there yet?
Not quite. Cleaning up your social media platform privacy settings is crucial, but you must also clean up your passwords.
Are you using the same password everywhere? Do your passwords include names, birthdays, or other personal details? If so, change them.
Use strong, randomized passwords, ideally with a password manager (not your browser’s built-in manager). Avoid browser password managers, as they store passwords in unencrypted plain text, making them easy targets for cybercriminals. Think of it like saving all your passwords on a sticky note pinned to your computer—it’s just not secure.
Consider Bitwarden for a password manager if you’re looking for a free option. I’d go with Keeper Security’s Password Manager if you’re willing to invest in additional features. Both are user-friendly, offer browser plugins for auto-filling passwords, and support MFA**, including one-time passwords.
** If you don’t know what MFA is by now, you should. MFA stands for Multi-Factor Authentication, and it’s a no-brainer layer of security you should incorporate into your routine.
How are you securing your smartphone and apps? Do you simply use a PIN, or do you use biometric authentication like fingerprint or facial recognition? The bottom line is that the more login barriers you create, the harder it becomes for bad actors to access your information.
Have you ever Googled yourself?
Be your own private detective and research yourself. See what you can find! Get a feel for how searchable you are and what information about you is publicly available. If you find something online that you want removed, you can simply ask whoever posted the material to remove your data, or you can make a DMCA request, which is a legal notice sent to infringing website owners and service providers to remove copyrighted material.
Protecting your online presence is no longer optional—it’s essential.
By taking steps to clean up your cybersecurity health, you create layers of defense that significantly reduce your vulnerability. Awareness is your first line of protection, and simple actions like turning off photo metadata or being cautious about what you share online can make a big difference. When it comes to cybersecurity, proactive measures are your greatest ally.
If you’re concerned about your organization’s cybersecurity health, or if you have any questions about your personal online safety, contact us. We’re proud to be a top 250 internationally ranked MSSP (Managed Security Services Provider) with a dedicated team of reliable security experts available around the clock, helping protect small to medium-sized businesses from devastating loss due to lack of proper cybersecurity measures.
This article was contributed by Cybersecurity Expert, Jeremy Harlan.
Jeremy Harlan is a Security Helpdesk Tier 2 Support Specialist at NetGain Technologies, leading efforts in vulnerability management, DNS security, and forensic investigations. An Army Veteran with a background in IT, Electronic Warfare, Emergency Management, and Cybersecurity, Jeremy applies a disciplined approach to identifying and mitigating security threats. He holds certifications in Physical and Cybersecurity Critical Infrastructure from the Department of Homeland Security.