5 Questions and Answers About What to Do After a Data Breach
Question 1: Did I experience a data breach?
There are several types of data breaches. While some are targeted at large companies and organizations, others are conducted on a more personal level. A data breach that affects a larger entity is bound to lead to a larger volume of breached data. In most cases, as soon as such a breach is discovered, the story goes through the news cycle, and the service provider releases a public statement and contacts victims individually. Usually, via email. Of course, you have to watch out for phishing emails that might trick you into thinking that you need to change/share your password or reveal personal information. To learn how to recognize phishing emails, you can continue reading here.
If someone breaks into your account specifically, you might not notice when accounts are taken over and information is leaked. What to do after a data breach like that? If it is possible, you need to get the control back, and just like the victims of massive data breaches, you need to ask the following questions.
Question 2: What data was breached?
If a major data breach has been confirmed, the provider of the service is likely to list the pieces of data that might have been exposed. Of course, not all companies discover breaches in time, and not all of them report breaches right away. What kind of data gets breached depends on what kind of data was in use. For example, if your Facebook password gets leaked, and then your account is taken over, the attackers might be able to collect even more data, including date of birth, phone number, information about friends. If a medical center is attacked, the breached data might include patients’ records, social security numbers, home addresses, etc.
Cybersecurity researchers suggest that most data breaches affect financial data, medical or personal health information, personally identifiable information, intellectual property, and sensitive government-level information. At the end of the day, cybercriminals know how to monetize every piece of data, and while it certainly is worse to have multiple personal details exposed rather than just, for example, a phone number exposed, a data breach is a data breach, and every single one has to be taken seriously.
Question 3: Do I need to change my password?
Passwords are a very desirable commodity in the cybercrime world simply because they can open more doors. Passwords can be used to hijack accounts, blackmail their owners, use their good reputation for scamming family, friends, and colleagues. When you hear about major data breaches that affect thousands and sometimes millions of users, the breached passwords are often hashed. If that has happened for you as well, it is unlikely that you need to worry about having your password used for account hijacking. Unfortunately, not all hashing methods are equally as safe, and it is believed that passwords hashed with MD5 are actually vulnerable.
Without a doubt, if your password was involved in a data breach – whether hashed or not – replacing it is a crucial step. Also, it is important to think if the same password has not been reused. People continue to reuse passwords, and that is a terrible practice because if one service experiences a password-related data breach, cybercriminals have the opportunity to take all other accounts that use the same password. The biggest mistake you can make when replacing a breached password is making a small modification (e.g., changing password123 to password321). Also, if you are changing a password, you should take the opportunity to make it impenetrable. That is easiest to do with a tool like Cyclonis Password Manager, which can generate and protect passwords, as well as help you use them smarter when signing in. Use the FREE 30-day trial to see how much a simple tool like that can enhance your virtual security.
Question 4: Has my data been exploited already?
In the past, it was more difficult to figure out whether or not certain pieces of data were breached. However, now there are online tools that you can use to enter a password, a username, or an email address and learn whether or not this data has been breached within seconds. That, of course, does not reveal whether data has been exploited already. Our number-one cybersecurity tip is that you should not wait for that to happen. You need to be proactive, and you need to do whatever it takes to secure your accounts and the data that has been potentially leaked. Unfortunately, many people feel frozen not knowing what to do after data breaches.
Of course, if you can see changes within your accounts, and you know for sure that they have not been made by you, it is likely that data has been exploited already to take over your account, impersonate you, take out credit or prescriptions in your name, and so on. If you discover such activity, you must secure your accounts, and you must call appropriate parties (e.g., bank, creditor, medical center) that might give you specific cybersecurity tips to follow.
Question 5: How to prevent new data breaches?
The thing is that you might not be able to prevent data breaches, even if you know all of the cybersecurity tips because, in most cases, that does not depend on you. Of course, you can be more cautious about choosing services that are known for good security practices or that do not have a record of multiple data breaches. It is also important to look at how a certain service provider deals with data breaches. Do they report incidents in time? Do they communicate with victims in a time of crisis? What about password security? Is the service provider hashing them, and what type of hashing is used?
Basically, you have to be proactive when learning about the services you are willing to trust with your personal data. Of course, you have to be mindful about what kind of data you share as well. It is always best to share the minimum that is required. This might be the best cybersecurity tip for those obsessed with social media. Our top cybersecurity tip is to stay vigilant and respond to data breaches ASAP. Also, do not act in panic because that is when you are most likely to make mistakes, such as replacing a breached password with a weak alternative. These cybersecurity tips for passwords still hold up, and we strongly recommend following them.