How to prepare for a breach and protect accounts
Steps for how to prepare for a breach are relevant to regular users, not just business owners. A breach does not necessarily entail a massive leak from a company’s database. It can occur more personally, like having your internet traffic exposed due to unsecured connections.
Furthermore, users can also establish go-to remedies after realizing a service they use has suffered a hack. Thus, learning how to prepare for a breach means protecting data on a personal level and dealing with company-wide leaks.
What is a data breach, and how does it happen?
A data breach refers to a security incident when entities like businesses lose control of their assets. In 2021, data breaches affected nearly 6 billion accounts, and social media was the source of 41% of incidents.
- A data breach can happen in a company where you deliberately share your information. It could be streaming services, banks, retailers, or other businesses.
- Data exposures can also happen in companies you have no direct contact with. For instance, the provider you choose could share data with marketing firms or data brokers. Users consent to such data-sharing between companies in terms of use agreements.
Hackers that invade corporate resources can steal data, either for personal use or with the intent to sell it. So, a hack might remain undetected if perpetrators do not put the data for sale. In some cases, attackers could publish information in underground forums for anyone to see.
So, most people associate data breaches with attacks, as in malicious parties hitting services directly. However, a data breach can refer to situations when companies fail to protect their clients’ data. Such data exposures can occur if a business leaves particular databases accessible.
What information can a data breach expose?
Data breaches have been incredibly harmful to businesses and users for years. Over time, perpetrators devised new strategies to reap data and combat improved defense strategies.
However, the main reason for their severity is the information they leak. And usually, highly sensitive information ends up compromised for basic security oversights.
Data breaches can reveal the following details about users and companies:
- First and last names.
- Usernames.
- Passwords.
- Email addresses.
- Social Security numbers.
- Birth dates.
- Banking information.
- Passport numbers.
- Home addresses.
- Credit card numbers.
- Phone numbers.
- Medical data.
- Driver’s license details.
Of course, businesses can significantly reduce the severity of data breaches if they use appropriate data security measures. Data hashing and encryption are common practices organizations use to secure data.
How can you prepare for a breach?
Most data breaches occur beyond users’ control. However, learning how to prepare for a breach means reducing the chances of financial losses and identity theft. According to our statistics, many Americans see identity theft as worse than murder.
-
Take caution with the signup process
Think twice before disclosing too much personal information when signing up for a service. The more information companies have, the bigger fallout is possible in case of data breaches. So, reveal personal information only when necessary, like your home address for receiving ordered goods.
Additionally, you should know how apps or services deal with protecting your information. You can usually find such information in help centers or contact customer support to find out more.
For instance, Bolt, a popular ride-hailing app, does not use encryption to deal with clients’ credit card details. Instead, it generates tokens: random codes representing financial information.
-
Know what to do
We have listed some of the most common details that data breaches compromise. You should know the organization or entity to contact in each case.
The most time-sensitive details are financial information and passwords. So, call your bank hotline to work out your options as soon as possible. Of course, it might take time for an organization to detect a breach and inform its clients. Therefore, pay attention to your transaction history and look for any fraudulent charges.
When it comes to passwords, the first rule is changing the credentials of the affected service. However, it is also important to remember if you have reused the leaked password anywhere else. Password managers are helpful as you can see all credentials in one convenient place.
So, here is a brief summary:
- Remember to contact your bank as soon as you learn of a possible data leak.
- Look for fraudulent activity on your bank account.
- Keep credentials in password managers to have easy access to all combinations.
- Do not reuse passwords more than once.
-
React to attempts to log into your accounts
After a data breach, outsiders could try the leaked email-password combination on other targets’ services. Since many perpetrators dump all stolen data online, anyone can try to gain unauthorized access.
Luckily, many digital services send alerts about unusual login attempts. Once you receive these security notifications, change the password to close all active sessions.
-
Use two-factor authentication
You should enable two-factor authentication whenever this security option is possible. It adds a step to the login process. And even if hackers have the correct username-password combo, they won’t be able to conclude the authentication. It is because you hold the way to receive temporary tokens for 2FA. If possible, you can also set security questions.
-
Close old accounts
Old accounts can be a liability. You might register for a service, make one order, and forget about it until you receive a breach notification. If you reuse passwords, a data breach from an old login could expose credentials of more recent accounts. Plus, you might have linked old profiles to calendars, personal notes, or contacts.
You also might have used Signing in with Google or another popular service option. It could be that you no longer use most of these accounts linked to your Google profile.
Users can find these Google-linked profiles by opening Account -> Security -> Signing in with Google. Then, you could find old accounts you no longer use (and should delete).
-
Use account monitoring
Breach monitoring refers to services that scan the web to find whether your information has been compromised. For instance, Atlas VPN offers a Data Breach Monitor, continuously checking if your email address has been exposed.
It looks at publicly leaked databases and sends alerts if it detects new risks. So, you can quickly change your credentials or perform other actions to mitigate a data breach.
-
Encrypt internet traffic to protect data
Unsecured networks can facilitate data breaches for connected users. If a network is vulnerable, it could expose your actions to others.
Such data leaks could occur if you log into an unencrypted site. Then, snoopers could see the information exiting and reaching your device. In the worst case, they could hijack sessions and log in to services as you. Depending on the hacking method, perpetrators could obtain various types of data.
To prevent such network data breaches, we highly recommend installing a VPN. A Virtual Private Network fixes lack-of-encryption problems by scrambling all internet traffic. Thus, you can safely and confidently connect to any network!