What To Do In A Major Data Breach
What To Do In A Major Data Breach Data security is a significant concern for any industry. Most of us cater to different goods and services connected to public and private institutions. But if you have ever received a notice informing you that maybe your sensitive information, such as your password, credit card information and your personal information, has been stolen and compromised, then you are all too familiar with a data breach. A lot of people, as well as companies, have been affected by data breaches.
Some Stats To Take Note Of
Here are some statistics that can give us a better understanding of what we are up against.
Accenture reports that since 2018, security breaches have increased by 11% and 67% since 2014.
A study by the University of Maryland says, hackers, attack every 39 seconds and on average of 2,244 times a day.
In a study done by IBM, the average time to identify a data breach was 206 days. That was in 2019.
IBM also said that, from the discovery of the data breach to containment, the average lifespan of a data breach was 314 days.
According to a survey done by Varonis, most Americans (around 64%) have never inquired or checked if a data breach affects them.
According to a survey done by Varonis, more than half of Americans (around 56%) do not know what to do when a data breach occurs.
In a survey done by Verizon, 94% of malware infection was delivered by email.
In a survey done by Verizon, less than half of data breaches (around 43%) were done to small businesses, unfortunately.
In fact, small organizations, with around less than 250 employees, were highly targeted with a malicious email. According to Symantec’s threat report, the rate in which they were targeted was 1 in 323.
Know What To Do
We all have sensitive information that may be in danger of being exposed to a data breach. Here are some things to do to minimize, if not prevent, financial fraud or identity theft.
If you are one of the engineers that are doing forensics, make sure to do a thorough investigation.
Determine the root cause by capturing all data traffic.
Capturing all data traffic 24/7, especially after the incident, will give you enough data to base any comparison from previous data recordings.
Begin recording all networks for post-incident forensic analysis.
As a data breach has occurred, doing a complete recording of all networks will further give data for a comparison for post-incident investigations.
Enable your administrators to go through the recorded network traffic.
It will enable your team to see if there is any unusual behavior observed from the recorded network traffic.
Submit a report of vulnerabilities found in the system.
An initial report of the investigation will be reviewed and analyzed for further investigation. Also, communicate what you are doing as people, especially the clients affected, mostly care about what actions you are doing to correct the situation.
If you are one of the people who’s accounts and personally identifiable information has been compromised, here’s a to-do list to minimize the result of a data breach.
Determine what was stolen.
Know what is compromised and acct accordingly. Sensitive information can be classified as either least sensitive, more sensitive and most sensitive. Least sensitive information includes your name and address. This type of information will not cause serious trouble for you. More sensitive information includes your email address, payment card numbers and date of birth. Although this information can be used to access your finances, you can easily safeguard yourself by directly contacting your bank and informing them that your data has been compromised. Most sensitive information includes social security numbers, passport numbers, online account numbers and payment card security codes. These are the type of information that can be used for identity theft.
Change your passwords.
Make a new and much more powerful password that is alpha-numeric. Add special characters to it. Make a separate robust password for every one of your accounts. Use a password manager to handle your different passwords linked to each account. Just make sure to safeguard the master password.
Contact your bank and other financial institutions relevant to your account.
Do not delay in contacting your bank or organization in case a payment-card number is stolen. Make sure you speak to a human customer representative instead of a chat-bot. Have your card cancelled immediately and also check all purchases and transactions made fraudulently. Ask for these records so you can use it as evidence for your police report.
Sign up for a credit and identity monitoring service.
Most of both free and paid services will help monitor your financial accounts and sensitive personal information. BillGuard is “a personal finance company that developed a mobile app enabling users to control better and secure their money.” It keeps keeping track of charges on an unlimited number of payment cards. It recently added an identity-protection service for an added cost.
Many large companies that suffer data breach attacks provide affected customers free identity protection for a certain amount of time, so if you are affected by a security breach, take advantage of this, but always be careful what you are signing up for. It pays to read the fine print.
Immediately file a police report.
Each country follows its protocol on banking breaches, but the process almost always starts with a police report once it happens so you can get help right away from local authorities and run after the party/parties behind the fraud. Filing a statement with the local police is extremely important, and serves legal evidence in court in case you pursue the perpetrators, or the bank pursues them. This will also serve as proof that you have done everything that you could to mitigate the damages done to you. Especially in the situation wherein identity theft has already occurred. The time frame wherein the perpetrator/s will use your stolen information, especially your social security number, for fraudulent means might take a long time after the data breach has happened. The police report and other financial file applications you’ve done beforehand will safeguard you in the instance that the perpetrators do use your information. The authorities will have a basis that any fraudulent acts using your information beyond the time of filing the report should be double-checked and screened for identity theft and not be blamed on you.
As we migrate our data more and more digitally, people with malicious intent will, most likely attack, steal, and, for some, hold our data for ransom. Let us not fall victim to credit card fraud or identity theft. Begin to safeguard your data and sensitive information. And should a data breach happen to another institution, be pro-active and ask them if the said attack compromised your information. And even if you have done all of the ways mentioned above to protect yourself, remain vigilant. Hackers have been known to hold on to sensitive information for years before using it. For small businesses, most IT security personnel in their staff are not properly equipped to handle a data breach. Get an IT personnel who’s properly equipped for the job. At the same time, entrust the development of your online presence with a company that developed a mobile app that you trust and has the expertise to back up the claim of providing better user experience for your clients. Also, arm yourself and your devices with the best cyber protection and software security tools available to you, like Trend Micro, Kaspersky Total Security, and the like. When it comes to sensitive data such as this, extra padding of protection will not be too much. Better be armed and forewarned, than suffering the alarming cost of a data breach to you and your family or business.
John Ocampos is an Opera Singer by profession and a member of the Philippine Tenors https://www.facebook.com/ThePhilTenors/. Ever since, Digital Marketing has always been his forte. He is the Founder of https://www.seo-guru.org/ SEO-Guru, and the Managing Director of https://www.tech-hacker.com/ Tech Hacker. John is also the Strategic SEO and Influencer Marketing Manager of Softvire Australia – https://www.softvire.com.au/ the leading software e Commerce company in Australia and https://www.softvire.co.nz/ Softvire New Zealand.
Note: This article is a guest post.
- Top 10 Phishing Tools - 10th April 2020
- Distributed Hash Cracking Hashcat Hashtopolis Tutorial - 30th March 2020
- Cracking Password Hashes with Hashcat Rule-based attack - 27th March 2020