Data breaches are terrible and often disruptive for everyone involved. A data breach can be a reputational nightmare for a company, but things can be much worse for their customers.
Where do people even begin to do damage control when they hear their information may be compromised in a data breach? Well, here are five essential steps to take if someone suspects data has been stolen.
Verify if any data was stolen
It can be easy to panic every time a new data breach notification pops up, but at first glance things may not be too serious. Since not all systems operate the same way, only some people’s data may be compromised. Whenever a data breach occurs, a company is usually able to protect some data.
So the first step should always be to verify whether a data breach has occurred and determine what happened. Usually, people go to news sites for this information, but it’s better to hear it directly from the source. Be on the lookout for any announcements from the company, and if they are missing, contact them for information.
Everyone has the right to know what’s happening with their data. If a data breach has occurred, they must know about it. So the company has to inform everyone, but sadly this is not a perfect world.
Find out what was stolen
Before you can make any decisions, it’s important to understand what type of data we’re talking about. Email addresses can be at risk due to the possibility of phishing, but passwords are worse – especially if people reuse them or don’t enable 2FA. You can cancel your credit card, but there’s no way to change your social security number.
So understanding what type of data is currently being compromised helps:
- Know the severity of the problem.
- Realize what needs to be done in the future to limit the possibility of any further damage.
What types of data could hackers reveal in a breach?
- Email address (most common)
- Password and security question
- Phone number
- IP addresses
- Personal information such as first and last name, date of birth and physical address
- Credit/debit card information and other banking details
- Social security number
- Personal identification, such as a driver’s license
- Intellectual Property
- Personal photos or videos
The theft of any combination of these types of personal data can have devastating consequences. Criminals can hack into important accounts, empty a person’s bank account, commit identity fraud or commit credit card fraud.
Get a plan in motion
What often turns a data breach into a crisis is when people do nothing about it. They learn that their data has been stolen, panic, and then leave it alone. But this is an important time to act because you can still try to save the situation.
However, what you need to do depends on the situation. First, see if the company offers any help to deal with the consequences of the breach. Many companies will (and really should) provide support with things like consulting, supervision, and even financial compensation. After the 2017 Equifax breach, the credit reporting agency offered cash refunds, identity restoration services and credit file monitoring.
Even if the company doesn’t offer anything of the sort, it’s important to take a practical approach. For example, if a hacker steals your password, make sure to change the password and security questions for that account. Also, add two-factor authentication if you haven’t enabled it for that account. If credit card information is stolen, check your credit report and monitor account activity. Also, consider placing a credit freeze or fraud alert on the account, or just canceling the entire card.
This is also the time you should start to be more vigilant. Be on the lookout for scams, scam calls, and any unusual account or device activity. If any personally identifiable information (PII) such as social security or driver’s license is compromised, relevant authorities must be notified. For example, if your driver’s license number is leaked, you should notify the authorities.
Enhance online security
Cybersecurity is not a one-time task. It’s a constant habit. But if someone’s data has been compromised, it’s time to reassess and adjust. First and foremost should be the password and account security. Review these and remember to avoid saving passwords in your browser. Instead, use a reputable password manager if necessary.
Online privacy and security is more than just increased security with passwords and device locks. It also has to do with what information people choose to share online and where they do it. Review each post before posting it online to see what others can glean from the information. Be wary when adding location tags.
Also, see what accounts are still open and what apps you have on your device. Delete all these old accounts and apps to give hackers an opportunity to get more information or hack the device.
Today, the problem with data is not just what people choose to share, but also what they do not intend to share. Companies, governments, agencies, websites, and outsiders of all kinds are tracking what people do online through their browsing activity. It is often called a digital footprint and contains a lot of sensitive personal information. This information is stored in various servers around the world.
While there has been some legislative reform in this area thanks to initiatives like GDPR, sadly there is still a lot of invasive data tracking going on. So people are turning to tools like virtual private networks (VPNs) to protect themselves. A VPN is a service that prevents outsiders from monitoring a device or network’s Internet activity by encrypting the connection.
When a VPN is installed, the connection is secured and is also routed through the VPN server first, making online activities private. Even a person’s ISP cannot accurately track what they are doing online. This is a great way to regain control of who owns your data.
Final thoughts
All the information and advice here is not only important for individuals. Companies should take these into account as they are also at high risk when a data breach occurs. Except their risks are often on a much larger scale.
Educate employees about cyber security and what they should do if they suspect a violation.
Categories: Technology
Source: SCHOOL TRANG DAI
