Our daily lives revolve around the internet more than ever, and with that comes risks. Cyberattacks have become an increasing issue and data breaches are the most common form of cyber crime. Experts estimate that there’s a new victim every two seconds. Despite this, data breaches aren’t hard to protect yourself from it just takes some care and skepticism. Here’s everything you need to know about data breaches, including how they work, how to protect yourself, and what to do if you’re hacked.
What is a Data Breach?
A “data breach” is a general term for any time that someone accesses electronic data or information that they’re not supposed to. The simplest example of a data breach is a hacked email account. If someone gets your email password and logs into your account, they’ve breached your data. Hackers also target bank accounts by attempting to gain access to your credit card information, social security numbers, or even online banking password, which can wreak a lot of havoc on your finances.
Things get trickier if it’s the servers of a major company that get breached. The customers can’t do anything to protect themselves here, it’s on the company they trusted with their personal data that caused the problem. If you use a password manager, you might occasionally get a notification saying that a password of yours was included in a data breach. This doesn’t necessarily mean that your accounts have been hacked, more likely, your password was included in a massive company leak.
A great deal of breaches stem from social engineering scams, such as phishing attacks, where a user gets tricked into giving up their passwords to a scammer they think they can trust. Some breaches even happen accidentally, maybe a company stores user passwords on a public website without realizing. No matter the cause, when it comes to your personal cybersecurity, there are a few best practices you should follow to protect yourself.
How to Protect Yourself from a Data Breach
It’s never been easier to have access to tools that make yourself a much more difficult target. You can protect yourself against data breaches and hacks in the same ways that you protect against most cyber crimes: Be proactive, be unique, and be skeptical.
The best time to worry about cybersecurity is before you’re ever in danger. This means making a security plan and sticking to it. If you have data stored online that you can’t risk losing, make backups of it. This might mean taking screenshots, downloading documents, cloud storage and moving data onto an external hard drive. There are many advantages of data backup and recovery, the more backups you have, the safer you are.
Keep an eye on your finances. Cybersecurity experts recommended signing up for a credit monitoring service that keeps track of any suspicious activity in your credit report. Computer users should make sure they have a good antivirus program installed. Enable two-factor authentication on your devices, websites, apps, and all other accounts. It’s a simple but powerful way to lock strangers out of your data.
Enterprise users and companies should invest in a good firewall, keep a dedicated cybersecurity team on retainer, and perform regular “vulnerability tests” to see how strong your defenses really are. Make sure you have a cyber insurance policy that can keep you safe in the event of a hack. Keep all your devices updated to ensure you have the latest security patches that will help keep you safe against new threats.
Most websites only ask for a single username and password combo to log in. This means that if you have an easy-to-guess password, or use the same password on multiple websites, it’s incredibly easy to break into your account. You’ll want to use a different password for all your separate accounts. To create a strong password follow these steps:
- It should be long (at least 12 characters, minimum)
- Use upper and lowercase letters, numbers, and symbols
- Don’t use common words or phrases like “password,” or personal details like your birthday
Cybersecurity experts recommend using a password manager which will create incredibly strong passwords for all your apps, and then automatically enter them when you need them. This lets you keep your data secure without needing to remember dozens of different passwords.
Backups are important, updates are important, and passwords are crucial. However, all the time you spend keeping yourself safe doesn’t mean anything if you don’t apply common-sense skepticism. If you receive an email from someone you don’t know asking you to download an attachment, you probably know not to do it. What if you get a text, seemingly from your bank, warning about fraud on your account? Or a private message from a friend asking you to click a “hilarious” link?
These types of scams are designed to prey on users who aren’t thinking about what they click, or who completely trust that they’re protected. Don’t click links if you don’t know exactly where they’re taking you. When you get a suspicious email or text, ask yourself: “Was I expecting to receive this? Do I know the sender? Is it even important?” If something seems too good to be true, it probably is.
If you’re not sure, directly contact your bank, or friend, or whoever is claiming they know you and ask. If you’re managing a large group of people, make sure that they’re educated about internet scams, data breaches, and suspicious links. It doesn’t matter how strong your locks are if someone inside just opens the door.
What to do if your Data is Breached
What if someone does manage to slip past your defenses and access your accounts? How do you recover and repair the damage? In the aftermath of a data breach, you have to keep calm and keep your common sense. Lots of scammers are trained to strike at people who have just been scammed by someone else, hoping to take advantage of their desperation. Keep your guard up and stay skeptical.
Ideally, you’ll want to figure out how many accounts were hacked, and change all their passwords. If you use a password manager, change your master password too. Triple-check your financial records, and if anything seems off, don’t hesitate to freeze your accounts and credit.
If you’re a company that’s been breached, get in touch with your cyber insurance team and report the breach, along with your in-house legal and IT team which would be us. While you might be tempted to delete everything that the hacker saw, you shouldn’t do it. If you do decide to get law enforcement involved, deleting too much data can count as destroying evidence.