Protecting yourself after a data breach

Protecting yourself after a data breach

At least once a week, we receive a call from someone who’s had an identity theft because of a data breach. This week we’ve had two. In one, the call came from a senior who’d had his banking credentials exposed and received a call from a seemingly nice lady who wanted to help him reset his password.

Here’s the hint: She wasn’t really very nice.

There’s a high probability that, at some point, you will be the victim of identity theft if you’ve been a victim of a data breach. Me? My personally identifiable information is out because of the OPM database a few years ago. I’d bet it’s out there because of several others as well –many that I don’t even know about.

So what’s a victim to do?

Here are some best practices that we recommend on every call:

1.     Change your passwords…. NOW. Start with your banking and move through the list. And when you’re doing that… By changing your password on some accounts, you have the option of kicking off anyone else that might be on it, making them have to know your new credentials. And don’t forget the rules. Every password should be unique, using at least 15 characters and a compilation of upper- and lower-case letters, numbers, and special characters.

This can become messy fast. How do you remember all those passwords without writing them down somewhere? Try using a password manager. There are several good ones out there. DashLane, 1Password, SaaSPass, and others are all very good.

2.     Turn on Multi-Factor Authentication wherever it’s offered, especially on banking and email. Don’t forget your social media accounts, shopping, and anything else you can think of when you come to a site for the first time after a breach. Fix it… turn on Multi-Factor Authentication.

3. Tell your bank or other financial institutions you’ve had a problem. Consider placing a freeze or alert on your account.  

While you’re there, set up alerts for any activity in your bank account –before any money movement.

4.     Review and validate every request for money, especially wires of larger sizes. AI-based scammers have already copied videos and Voices, so pay attention. In one case, I suggested taking a screenshot of the video call where the request was validated and running it through Google Images. It’s not perfect, but it’s one more validating point.

5.     Freeze your credit. Contact the three major credit agencies and freeze your credit. Tell them you may be the victim of a data breach or identity theft.

 

And if you still have a problem, set up a complimentary 30-minute call with a Trusted Internet Virtual CISO™.