Data breaches don’t just affect people who are careless with passwords or fall victim to phishing scams. With the rash of large-scale breaches today, it has unfortunately become easy for your personal data to be compromised without you even having to do anything. Even if you go out of your way to keep your information secure, you have zero control over hackers massively ripping off large organizations that must safeguard the vast amounts of data they hold. This is especially true of organizations that do not provide devices to employees and have a BYOD (Bring Your Own Device) policy.
You can check with Privacy Rights Clearinghouse to find out if you were inadvertently victimized by hackers and take action. You want to make a damage control plan before your data gets compromised, so that you don’t have to panic if a breach does take place. Here’s what you need to do:
Change your passwords immediately.
The same goes for PIN and security codes. If you have “pet passwords” that match or are similar to the one used on the compromised account, change it immediately.
You should also enable two-factor authentication on as many of your accounts as possible. If you were already using two-factor authentication, which is commonly a second password or code, make sure that the second factor has also been changed and that you also aren’t applying the pet password principle to it across your accounts.
Be mindful of communications from the organization that was breached recently.
There are many phishing attempts that are made to look real, and cyber criminals are ruthless. They may send emails containing malware and other attempts to get more personal information, or even ransomware. Beware of texts and calls from unknown numbers as these are also usually related phishing attempts. The real organization is likely to communicate with you following up on a breach, with a verifiable phone number or email domain.
Open up communications with the organization yourself.
You should contact the breached organization directly. Don’t wait for them to come to you. Find out the extent of the damage and what their information security department’s course of action will be. They may have additional instructions on what to do next. However, you should also try to find out what kind of information was stolen. Even if they tell you it was encrypted, don’t trust this claim because the hackers already have that information.
File reports with the local police and the Federal Trade Commission, but wait until you have more information.
Your first instinct may to be file these reports right away. But your reports need to include the extent of the damages, and every single incident, and the compromised organization might not have this information right away. If you decide to file these reports you should take note of everything you do as well as everyone you speak to.
Keep a watchful eye on your credit report as well as your snail mail and email.
Hackers may have tried to open a credit card in your name and you should be wary of anything that seems off with notices in the mail and your email. It can be tempting to just report those messages as spam or group credit card notices with junk mail, but once you’re aware of the breach you should immediately check your credit report. Contact the credit bureaus to put a fraud alert on your file.
Global Learning Systems can educate you and your employees on data breach prevention and other best practices for security, as well as what to do in the event of a large-scale data breach. Our instructors are one step ahead of hackers so that you can be as well. Contact us today!