What Happens When You Receive a Breach Notice?

You are bound to feel powerless when someone notifies you that your network has been breached. You get an email or phone call from a business saying someone breached your data. It happens all too often today.

Here at ITFIRM.COM, we’ve had numerous occasions when either we or one of our clients has received a scam email from a normally trusted source. They typically come from users who have had their email hacked and we happen to be in their address book when the hackers send out phishing emails to everyone.

Businesses of all types, from banks and social media sites like Facebook to e-commerce stores, suffer data breaches. Governments are certainly not immune to these attacks, which can leave important Personally Identifiable Information (PII), like your address, Social Security Number (SSN), and credit card details, exposed to thieves.

Even with the best security, you have little control over your business getting hacked, because it’s not a matter of IF, but of WHEN. You do your best to prevent breaches, but they happen. There are important steps you can take afterwards. We’ve outlined the most important things to do below. These steps can help you mitigate the financial losses.

Change Your Passwords

You can find this in the big ‘DUH’ file of things you need to do. Change the password for the service that sent you the breach notification first. Then, change it for any logins using the same password - if you have disregarded the notion that EVERY login should have its own, unique password.

One of the best practices is to use unique logins for every site. Many people get in the habit of using the same password in several places – and bad passwords at that. This leaves more than the single breached login at risk. Use a password manager to help you create strong passwords. You only need to remember the login for the password manager to access all the others.

Initiate Multi-Factor Authentication (MFA)

Multifactor authentication is a crucial tool to keep accounts secure, even if a hacker stole the password. Enable MFA for the breached service. Then, ensure you have MFA activated for all other logins, where possible. MFA is also called two-factor authentication or two-step verification.

The most common forms of MFA are:

  • Text message
  • Authentication app
  • Security key

Quickly Check Your Banking Activity

If you have had a breach of payment card data, check your bank accounts for any unauthorized activity. You’ll want to watch these for several weeks for fraudulent charges. Report the breach to your bank to have them issue you a new card, if needed.

Make sure to notify your bank about the third-party data breach. This can help keep you from being held responsible for fraudulent charges. It’s good to get out ahead of it. Your bank can then help you with appropriate steps to avoid fraud.

Freeze Your Credit Immediately

Rather than using them for their own breach attempts, criminals will often sell stolen personal details. These details can enable someone to take out credit in your name. Contact the three credit agencies. They each have ways to freeze your credit to protect you. You can do this right on their websites.

The three credit agencies are:

  • Equifax
  • Experian
  • TransUnion

Examine the Breach Notification

It is extremely important to understand exactly how the data breach may impact you. Review the notice you received. Additionally, look for updates on the notifying company’s website.

What you need to look for:

  • What type of data has been exposed (passwords, card numbers, etc.)
  • Any reparations the company is making (e.g., credit monitoring)
  • Any new instructions given to secure your account
  • Check the company’s website regularly. Often, they don’t immediately know how far reaching the breach is. You may check back later and find out other types of sensitive data were exposed.

Adopt Robust Cybersecurity Protections

If you don’t have these security measures in place, put them in place right now. There are some simple tools you can use to protect your network and beef up personal device security. These include:

  • A good antivirus/anti-malware program
  • DNS filtering to block malicious sites
  • Email spam filtering for phishing

Another good protection is the use of a Virtual Private Network (VPN). This helps mask your traffic and encrypts your communications. It is especially helpful if you’re using public Wi-Fi. VPNs are easy to use. You can use VPNs for both computers and mobile devices.

Be on Your Guard Against Phishing Scams

Learn how to spot these scams. Data breaches often expose email credentials. This means you may receive an uptick in phishing emails. Phishing has become much more convincing since criminals have adopted AI for crafting these scam emails. Phishing emails are often hard to tell apart from the real thing.

Look for any unexpected or unusual emails. Follow these best practices to avoid becoming a phishing victim:

  • Hover your cursor over links to see the full sender’s address.
  • Go to websites directly. DO NOT click links in an email or SMS.
  • Be cautious with unknown senders.
  • Watch for phishing on social media and text messages.
  • When in doubt, double check through an official source.

Automatically Update Your Software & Systems

The first thing hackers look for to exploit is unpatched vulnerabilities. How do you get unpatched vulnerabilities? Most times it’s from failing to keep software updated.

Also, update your device operating system. Update all apps or software on your devices. Update firmware for routers and printers. Update firmware for smart devices.

Automating your updates is a good way to stay protected since there are so many updates we need to do with our electronics.

Frequently Asked Questions

Do companies have to notify you of a data breach?

In the U.S., yes. All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private businesses, and in most states, governmental entities as well, to notify individuals of security breaches of information involving personally identifiable information (PII).

What is the deadline for notifying a data breach?

Notice must always be made without unreasonable delay, but no later than 60 days following discovery of the breach. Notification is not required if an investigation determines there is no reasonable likelihood of harm to affected individuals.

Can I check to see if my SSN has been compromised?

Yes, and this should be done regularly. A good way to check is to visit annualcreditreport.com to receive a free credit report. Contact the Social Security Administration if you think your Social Security number has been compromised and the administration can help review your statements.

How do I check to see if someone is using my identity?

This requires due diligence on your part. Here are some simple ways to check if your identity has been stolen:

  • Review your credit reports.
  • Check your bank statements.
  • Pay attention to strange mail.
  • Stay on top of your tax returns.
  • Check your medical statements.
  • Review your Social Security statements.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT services.

The two best defenses are next-generation network cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

  • IT HelpDesk Service
  • Onsite IT Support
  • Cybersecurity
  • Cloud migration and management
  • Email migration services
  • Backup and disaster recovery
  • VoIP phone systems
  • IT disposition and recycling
  • Office moves
  • White label services (IT to IT)
