With shoppers rushing to their keyboards over the Black Friday weekend, it is more important than ever to consider the security of your personal data and what to do if an online retailer you use suffers a data breach. If this happens, and your account access or personal data is compromised, you should receive a ‘data breach notification’ from the service provider.
In the majority of cases this will take the form of an email with a subject line along the lines of “Notice of a data breach” or “Please reset your password”. Inside this email, alongside the grovelling apology and promise of action, will be details of the data that has been exposed or stolen.
Although every data breach can be subtly different, the steps you should take after receiving a breach notification are fairly standard.
1. Establish what information was compromised
When you receive a notification about a data breach affecting one of your accounts, you should carefully read the details so that you can work out exactly what information has been compromised. One of the key things to check is usually the date of the breach: sometimes companies don’t notify you until weeks or months after the incident, especially if they have only just become aware of it (or been forced to admit it).
The independent website ‘haveibeenpwned.com’ catalogues data breaches. If you enter your email it will tell you of any (known) breaches that may have exposed that email address, together with details of when they occurred and what other data may have been exposed. This is a really useful tool.
Once you know what information has been exposed you can take proactive steps to avoid worse consequences.
2. Change your password(s)
Whether or not login credentials were exposed, it is probably best to change your password on the account that was compromised. The email notifying you of the breach will often contain a link to enable you to do this.
If you use the same password for other sites you should also change those, because hackers often try stolen combinations on a variety of other popular sites on the off-chance they will give them access to those too.
Why not take advantage of a password manager app to generate and store secure, almost-impossible-to-guess passwords? Some of the most popular ones are Dashlane, NordPass, Bitwarden, and mSecure.
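An added example, not part of the original article: a short Python script that reads a password manager export and lists which other accounts share the breached account's password, so you know which ones to change. The CSV column names (`name`, `username`, `password`) and the sample rows are constructed assumptions; adjust them to match your own password manager's export.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (column names and values are made up for illustration).
SAMPLE_EXPORT = """name,username,password
shop.example,alice@example.com,Winter2023!
forum.example,alice@example.com,Winter2023!
bank.example,alice,kT9#vq2LmZ-x7p
mail.example,alice@example.com,Winter2023!
news.example,alice@example.com,c0rrect-h0rse-battery
"""

def _fingerprint(password):
    # Compare digests so the plaintext password never appears in the results.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def accounts_to_change(export_text, breached_site):
    """Return sorted names of other accounts that share the breached account's password."""
    breached = breached_site.strip().lower()
    by_password = defaultdict(set)   # fingerprint -> account names using it
    breached_prints = set()          # fingerprints stored for the breached site
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entry has no stored password (e.g. a secure note)
        fp = _fingerprint(password)
        name = (row.get("name") or "").strip().lower()
        by_password[fp].add(name)
        if name == breached:
            breached_prints.add(fp)
    if not breached_prints:
        raise KeyError(f"{breached_site!r} is not in the export")
    reused = set()
    for fp in breached_prints:
        reused |= by_password[fp]
    reused.discard(breached)
    return sorted(reused)

if __name__ == "__main__":
    for site in accounts_to_change(SAMPLE_EXPORT, "shop.example"):
        print("change password on:", site)
```

A real export holds every password in plaintext, so run this locally and delete the file afterwards.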
3. Set up multi-factor authentication on your important accounts
Multi-factor authentication (MFA) is a way of protecting account access by adding extra layers of security. It essentially means that a simple username/password is not sufficient to access an account. Two-factor authentication is a variant of this where a second code or password is needed to access an account. There are many types of extra authentication but the most common is a one-time passcode (OTP) that is sent to a device (such as a mobile phone) that only you have access to. This makes it very much harder for someone to hack your account. Other examples include USB keys, thumbprint scans, tokens and smart cards.
If financial information has been exposed
If the data breach notification says that the breach involved your financial information, you need to act on this as a matter of urgency.
The first thing is to alert your bank of possible fraud and keep a close eye on your statements for strange transactions. Your bank may decide it is safest to cancel your current card and issue a new one.
The next thing you should do is request a free credit report. This will show if any new accounts have recently been opened up in your name. Sometimes cybercriminals will do this in order to access credit facilities.
Data breaches are nothing new and are unlikely to stop happening any time soon. This is why you should always practise good password hygiene, use MFA, be vigilant about giving out personal details and avoid signing up to things online.
If you are concerned about security, especially within your business and for your end-user identities, then give Cloudworks a call. We are specialists in cyber-security, cloud technologies and support. In addition, we continuously monitor our clients' IT cloud infrastructure to ensure they are secure and protected against the latest threats. Give us a call to find out more and we will find the best strategy and solution to fit your business.
Call Cloudworks on 0115 824 8244 or email info@cloudworks.co.uk