Anyone can be breached. No one is immune to a cyber attack. Therefore, it is vital to protect yourself at all times, particularly, if you share personal data on personal or corporate devices. Equifax is a perfect example of how even a trusted provider can be breached! It is absolutely necessary to try and stay one step ahead of identity thieves by following simple and smart tips to protect your sensitive information.

Find Out What Information Has Been Leaked

It is important to find out exactly what information has been leaked or stolen because some data are more sensitive than others. If you signed up for credit monitoring, for instance, and you receive that deadly email notifying you of a confirmed data breach or potential data breach, immediately seek the exact pieces of data that may have been compromised. Your next steps depend on whether the information is now available to cybercriminals and hackers. Having just your email address revealed might be annoying, but it is highly unlikely to lead to devastating consequences unless your password was also revealed. However, regardless of whether your password was revealed as well, it is imperative that you reset your email password to stop a flood of spam through your account. If the breach revealed other pertinent information you could be at greater risk. For example, if your Social Security number was been revealed, you are at high risk of identity theft because hackers could open fake bank and credit accounts in your name. Thus, knowing what was revealed as a result of the breach is a key first step.

Change Impacted Passwords Right Away!

Cybercriminals and identity thieves highly regard passwords as their prime target because they sell the compromised credentials on the dark web. Change your passwords immediately if they have been revealed in a data breach! It may not be enough to change the compromised password only at the impacted site, especially if you use the same password at multiple websites. If that is the case, change all those credentials immediately and while you are it, make sure that each site uses a unique credential to avoid recurrence.

Implement Two-Factor Authentication

Two-factor authentication such as Duo Mobile Security or Authenticator by Microsoft provides an extra layer of security by requiring you to enter a randomly generated code provided by the two-factor Authentication application as an extra step during the login process. Depending on the Two-factor authentication application used, the code could be sent to either your smartphone or displayed on an Android or iOS app. This extra level of security is in addition to your standard username and password to provide additional protection for all your web accounts. In the unfortunate event of a data breach, implementing two-factor authentication is a very wise and smart approach because even if a hacker or cybercriminal purchases your compromised credentials on the dark web, they will be unable to gain access to your web accounts without the extra layer of security you implemented.

Consider Using a Password Vault or Manager

It is very reckless and dangerous to use the same passwords at multiple sites. Instead, I recommend setting up a separate unique set of credentials for each site you visit. Unfortunately, it is cumbersome to keep track of all those unique user names and passwords. This challenge of having to remember credentials for each site could lead to the temptation of backsliding into the same old habits as soon as the current crisis passes. Therefore, strongly consider using a password vault or manager to protect all of your accounts and maintain online safety. Password vaults or managers create unique sets of encrypted credentials on demand and then keeps track of the information in an encrypted database. A single master password is all you need to access the vault that contains all the passwords, meaning that you only need to remember one set of credentials.

Sign Up for Transaction Alerts through Your Bank and/or Credit Monitoring Service

If it is confirmed or highly probable that your accounts may have been compromised, sign up for transaction alerts right away because they instantly notify you of purchases, withdrawals, and other account activities. The notifications could be sent to your designated smartphone or email address whenever a transaction or activity occurs in your account. Contact your bank right away if you did not authorize and do not recognize a transaction in your account.

Consider Freezing Your Credit Report

If you do not plan to apply for a loan or credit card in the near future and your account was confirmed to have been breached, consider freezing your credit report. Credit report freeze is a significant and necessary step to protect your identity and finances. A credit report freeze means that no one, including you, can access your file or open new accounts until it is lifted. The downside to freezing your credit report is that it could make applying for a mortgage or car loan, for instance very difficult. However, putting only a temporary freeze on your credit file might be less challenging if you do not need any extra in the interim.

Being a victim of a data breach can be your worst nightmare and certainly very frightening. However, prompt and swift action could help mitigate the impact or damage and prevent any issues from escalating or worsening. The actions you take in the unfortunate event of a data breach matters more than you comprehend because they could protect you from cybercriminals, hackers, identity thieves, and other bad actors.

Contact me for more information about how you can scan the dark web to see if your email address or sensitive information has been compromised and out there for sale by cybercriminals, hackers, and identity thieves.

Dr. Vivian Lyon, DIT, MSIT, MSc.IT, MBA
CIO & Founder, Plaza Dynamics
Connect with me on LinkedIn