Response from Russ Munisteri, CASP+, CEH, assistant director of education, MyComputerCareer.
Personally identifiable information (PII) can be defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. In other words, protect your data, and protection involves knowledge and skill.
As educational leaders, we need to provide the necessary training and skill set to raise awareness and educate students in information technology. Through IT certifications, students learn how to secure PII, harden networks and servers, learn the concepts of social engineering, and the importance of security. This can be provided to students through instruction, curriculum, and hands-on labs.
Social engineering needs to take the spotlight. The days of brute-forcing passwords and physically bypassing security are not as popular with threat agents and cyber-attackers these days. There is a faster way! According to NIST SP 800-61 r2, social engineering is an attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks.
This concept is very low-tech, quick, and inexpensive to execute. If an attacker can earn your trust, the attacker will bypass most layers of security. Throughout my IT experience and education, social engineering is a topic that I stress. Phishing, vishing, smishing, whaling and impersonation attacks are one side of SE, but what about the other side? Identity thieves, scam artists, governments, salespeople, disgruntled employees, and the list goes on. What about parents and children? The list below provides ways to reduce the likelihood of a social engineering attack: