6 Steps to Take After a Data Breach
You get an email from one of your vendors alerting you that they experienced a data breach.
What should you do next?
Don’t assume this will never happen to you. A data breach is no longer an “if it happens” scenario; it’s a “when it happens” scenario. Breaches are inevitable, but there are ways to protect yourself and your organization when they occur.
Here are six things you should do if you have an account with an organization that experienced a data breach.
1. Check the Vendor’s Advice
No two breaches are alike. So, check with the organization to find out what’s happened and follow any specific advice it offers. Whether it’s changing passwords or how to enroll in credit monitoring, you’ll get pertinent information that can protect you and your company from further disaster.
Check the vendor’s website first for a notice or blog post but also be sure to check its social media sites for statements.
Data breaches are large and complex. New information will be discovered, so look for further communication beyond the initial update.
2. Change Your Password
Change your password quickly enough, and you’ve made the old, stolen password useless.
Be sure to use a strong password with at least 15 characters and never reuse it across multiple accounts. Reusing passwords makes it easy for attackers to access other accounts you have.
If you’re having a hard time remembering all of your passwords, consider using passphrases that are easy to remember and hard for hackers to crack. Even better, use a password manager that generates and securely stores passwords for you so you can free up that space in your brain for more valuable information.
3. Enable Multifactor Authentication (MFA)
MFA should be enabled on all accounts that support it, as research from Microsoft shows MFA can block more than 99.2% of account compromise attacks.
Avoid text- or email-based MFA, if possible, as those can be phished just as easily as a password. Instead, use an authenticator app or a hardware token that only works with your device.
Better yet, if the vendor allows it, use a passkey. Passkeys are phishing resistant and can’t be guessed or stolen, making them more secure than passwords.
4. Watch Out for Imitators
Be wary: The attackers may contact you by posing as the breached platform.
Data breaches are the perfect opportunity for scams since people expect some sort of message.
Check the organization’s communication to see if it’s contacting victims and verify the identity of anyone who contacts you via a different channel.
Check the “from” address carefully and look for misspellings or extra characters. Hover your cursor over links to ensure they take you to legitimate websites.
Take your time and read emails thoroughly. Phishing attacks will ask you to do things urgently; stop and think twice before you act.
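The “from” address and link checks described above can also be run automatically by a mail filter or reporting tool. The following is an added example, not part of the original article; the vendor domain vendor.example, the sample message, the function names and the distance threshold of 2 are all assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, trusted: str) -> str:
    """Return 'match', 'lookalike' or 'unrelated' for host versus the vendor's domain."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    if host == trusted or host.endswith("." + trusted):
        return "match"          # the vendor's domain or one of its subdomains
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike"      # non-ASCII or punycode label: possible look-alike letters
    if trusted.split(".")[0] in host:
        return "lookalike"      # vendor name with extra characters or inside another domain
    tail = ".".join(labels[-(trusted.count(".") + 1):])
    if edit_distance(tail, trusted) <= 2:   # threshold is an assumption
        return "lookalike"      # misspelling of the vendor's domain
    return "unrelated"

def check_message(from_header: str, links: list[str], trusted: str) -> dict:
    """Classify the sender's domain and every link target in a message."""
    sender_host = parseaddr(from_header)[1].rpartition("@")[2]
    return {
        "sender": classify_host(sender_host, trusted),
        "links": {u: classify_host(urlsplit(u).hostname or "", trusted) for u in links},
    }

# Constructed sample message (not real data).
SAMPLE_FROM = '"Vendor Security Team" <alerts@vend0r.example>'
SAMPLE_LINKS = [
    "https://www.vendor.example/security-notice",
    "https://vendor.example.account-verify.test/reset",
]

if __name__ == "__main__":
    print(check_message(SAMPLE_FROM, SAMPLE_LINKS, "vendor.example"))
```

A result of “unrelated” only means the host does not resemble the vendor’s domain; it is not a verdict that the message is safe.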
5. Consider Not Storing Your Card Details
It’s definitely more convenient to let websites remember your card details, but it’s also how financial information is stolen and sold on the dark web.
Instead, use a password manager to securely store credit card information. Password managers can autofill your information, so you don’t need to type it in every time.
6. Set up Identity/Credit Monitoring
It’s common for organizations to offer free credit or identity monitoring after a breach.
Take advantage of it.
This service tracks your personal information online, alerts you to signs of theft and helps you recover afterward.
When a data breach occurs, subsequent attacks don’t necessarily happen immediately. Your information is sold to the highest bidder, and sometimes months or even years pass before anything is done with it.
It’s better to be proactive than reactive.
Learn to Spot Phishing Scams
Scams are getting more advanced and harder to detect.
Our cybersecurity training will help you learn how to spot these kinds of scams and how to protect your organization.
Don’t wait until your sensitive information winds up in the wrong hands. Contact us to learn how phishing training for your employees will stop breach attempts dead in their tracks.
