Data breaches on popular social networks and online services can have all sorts of knock-on effects. Is there anything to be done to protect yourself from data breaches? To minimize the damage they cause?
When logging into the fifth account of the day on a fifth different website, it’s easy for details to escape our attention.
Details such as that we are handing over personal information to five different websites or services.
And that for each one we used the same login email, username, and password.
Sound familiar? You’re not alone. In fact, more than half of net users use the same password over and over again.
But what happens if one of those websites or services has a data breach? What happens when our account login credentials are exposed for anyone to see, or use?
This is what happens during a data breach, and the effects can be devastating.
Luckily for us, taking some simple precautions can drastically minimize the damage caused when there is a data breach on one of the websites or services we use.
What are Data Breaches?
Data breaches, sometimes called data leaks or data spills, are events in which an unauthorized individual accesses personal information such as online account login information, payment credentials, confidential data, etc.
There have been many high-profile data breaches in the last few years. All industries have been affected, from government to transport, healthcare, and retail.
The result is that hundreds of millions of accounts have been compromised worldwide.
How do data breaches happen?
You might wonder how on earth data breaches can happen. And why are companies not able to prevent them from happening?
The truth is that most companies, websites, or online services are trying to prevent data breaches. However, some are more successful doing so than others.
According to studies into data breaches, there are many ways they occur. For instance, they can occur because websites or services use poor security measures, or because devices containing our data are physically stolen.
Occasionally, credentials are intentionally leaked for one reason or another, or a hacker gains entry and is able to extract information forcibly.
Who can be affected by data breaches?
We are all inextricably tied to web services. There’s no getting around the fact that we must part with certain information about ourselves to various websites, services, and social networks.
Seeing as no industry is immune to data breaches, we are all at risk of being affected by one at some point.
Want to quickly find out if your accounts have been compromised? A great way to quickly get an indication if your account information has been compromised in a data breach is to use haveibeenpwned.com – a free service that checks whether your email address appears on any of the lists of breached accounts online.
What will hackers do with the data?
The 2016 Data Breach Investigations Report by Verizon suggests that data breaches are largely motivated by financial gain.
In fact, not a week seems to pass by without reports of fresh data being put up for sale on the dark web.
According to the report, purchasers of the stolen credentials then often look to use the data for further financial gain.
That may be by using the information to access the account on the website or service it was breached from, or by trying the same login information on accounts at other popular web services.
Knowing that financial gain is the motivation for data breaches makes it all the more worthwhile to take the precautions we can to minimize their effects on us.
How to Best Protect Yourself from Data Breaches?
While we have very limited ability to prevent a data breach from happening to a website or service, there are certainly steps we can personally take to minimize the damage a data breach causes to us as a result.
- Make sure that our passwords give us the best protection possible
- Limit the information we provide to websites and services
- Consider the security of websites and services we use before giving them our information
- Identify genuine security notifications and always take action
- Take steps to minimize damage once we discover an account of ours has been compromised in a breach
Defense #1 – Max Security Password Best Practices
We’ve previously put together a handy guide; if you follow our advice you’ll never worry about password security again.
This is because even if your account information is compromised in a breach, proper password login settings will still prevent your information being used against you.
To make sure your password security thwarts even the worst of data breaches, follow this advice:
- Completely avoid using weak passwords. Instead, create a strong password you’ll never forget
- Create different passwords for each account (difficult to remember them all? Use a Password Safe to store them in)
- Change your passwords regularly. Your data is no good to a data thief if it’s out of date
- Use two-factor authentication. This means that in addition to a password, a second factor – often a security code delivered to a mobile device – is needed to log in to an account.
Defense #2 – Limit The Data You Hand Over
How much data do you really need to provide to a third party website or service?
If it’s not necessary to allow the third party to store your payment details, don’t take the risk.
This will mean that data thieves won’t get access to that information if a data breach occurs. Or they won’t be able to use it when they access your account with stolen login information.
Apart from payment information, consider whether you really need to provide information to the third party such as:
- Email address
- First Name and Surname
- Phone number
You might also want to think about what data you’re handing over just by using the service.
All data extracted by data thieves from data breaches could potentially be used in one way or another to wreak damage.
Don’t give them the chance. Limit the information you hand over to third parties.
Defense #3 – Is the service you’re using secure enough?
Ever taken a look into the security standards of a website or online service before giving them your data?
Take a moment to do so, and you might be surprised to find how different the security standards can be.
Security of our users and customers is a top priority, which is why we have significant security measures in place, which have enabled us to gain:
- Five star quality seal – from independent BISG testers, who evaluate products from qualified companies for quality, security, and service values
Before signing up for an account, or providing confidential information, take a look into the security of the service or website to check for their standards.
If they don’t provide similar evidence of internationally approved security practices, you know to be very careful about the information you provide them with.
Defense #4 – Take action on security notifications
This is a tricky one, because we’ve all become so used to the tactics used in spam email asking us to reset passwords by clicking a link (don’t!).
Phishing tactics are often used by cybercriminals to send out emails that pose as authentic emails but actually contain some form of security threat.
Unfortunately, there are very few other ways for notifications to reach us, other than by notifications within the website or app we’re using.
But it’s very important that we do differentiate between spam and genuine requests.
By taking action as soon as we receive a genuine security notification we can minimize the likelihood that a data thief accesses our account with stolen data.
The best way to make completely sure that you’re not going to fall foul of a spam email is to always access your account security via the official route.
Usually this means logging into your account by going to the website or service yourself, and manually requesting a password change/reset.
In other words, never click a link delivered in an email you didn’t request yourself.
Defense #5 – Steps to take when you know someone has accessed your accounts
The final way you can protect yourself from data breaches is to take immediate action when you think you have been the victim of a data breach, and a cybercriminal has accessed one or more of your accounts with the stolen data.
While this is a worst case scenario, it’s always better to be prepared to work towards minimizing the damage they can inflict:
Step 1 – Change account passwords.
Immediately change the password for the compromised account, and any others for which you have used similar account information.
Also, if you suspect your computer is infected by malware, use another device to ensure that the new login credentials are not caught by a keylogger listening in the background.
Step 2 – Inform your local police department
Cybercriminals have committed a crime against you, so you will also need to get in touch with your local police department.
Sensitive data often can’t be released by companies without police involvement.
Step 3 – Get in touch with third party sites or services
The final step towards minimizing damage by data breaches is to contact the websites or services of the accounts which have been affected by the breach.
This includes the source of the breach itself, but may also extend to sites and services data thieves accessed with the data extracted from a breach.
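For Step 1 above, it helps to know exactly which other accounts share or nearly share the breached password. The Python sketch below is an added example, not part of the original article: it takes a password list exported from a password safe and returns the accounts to change, most urgent first. The site names, passwords, and the "similar password" rule (same base word once digits and symbols at either end are stripped) are all assumptions made for illustration.

```python
import re

# Constructed sample vault (site -> password); every value here is made up.
VAULT = {
    "forum.example": "Sunshine2016!",
    "mail.example": "Sunshine2016!",
    "shop.example": "sunshine17",
    "bank.example": "kV9#tq2LpZ-unique",
    "news.example": "123456",
    "pin.example": "9876",
}

REASONS = ("breached", "same password", "similar password")


def stem(password):
    """Base word of a password: lowercased, digits/symbols at both ends removed."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def exposure(site, password, breached_site, leaked):
    """Rank an account: 0 breached, 1 exact reuse, 2 similar, None if unaffected."""
    if site == breached_site:
        return 0
    if password == leaked:
        return 1
    base = stem(leaked)
    # Require a real base word; otherwise every digits-only password
    # (empty stem) would be reported as "similar" to every other one.
    if len(base) >= 4 and stem(password) == base:
        return 2
    return None


def rotation_plan(vault, breached_site):
    """Return [(site, reason)] for accounts to change, most urgent first."""
    leaked = vault[breached_site]
    ranked = [(exposure(s, p, breached_site, leaked), s) for s, p in vault.items()]
    ranked = [(r, s) for r, s in ranked if r is not None]
    # sorted() is stable, so accounts with equal urgency keep vault order.
    return [(s, REASONS[r]) for r, s in sorted(ranked, key=lambda x: x[0])]


if __name__ == "__main__":
    for site, reason in rotation_plan(VAULT, "forum.example"):
        print(f"{site}: {reason}")
```

Run it on the device you trust, since it handles plaintext passwords in memory.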
What are your tips for minimizing the damage caused by data breaches? Please share your thoughts in the comment section below!