Data Breach Protection Tips
What more can I do to protect myself from all the data breaches that we keep hearing about?
This question was answered on May 6, 2011. Much of the information contained herein may have changed since posting.
The recent data breaches at Epsilon and Sony should have everyone asking this question, even if you weren’t personally affected by either of these massive compromises.
The unfortunate reality is that these types of breaches are going to continue to increase, so the likelihood of your personal information being compromised by someone you do business with (online or off-line) is very high.
Unless you can completely unplug from the world AND have never given any company your personal information, you can’t avoid it.
As bad as that may sound, it’s nothing more than a rule of the road in the digital age that we must all keep in mind. People die in car accidents every day, but that doesn’t keep us from getting into a car a couple of times a day, because we understand the rules of the road.
Let’s start by reviewing what you should do if a company that you do business with notifies you of a breach.
If the data breached is simply marketing information such as name and e-mail address (e.g., Epsilon), then your primary exposure is a well-crafted scam, primarily delivered via e-mail (a.k.a. ‘spear phishing’).
Because they have your name and your e-mail address, they can specifically design a message that is more likely to get you to take action (click a link, etc.) than generic phishing scams that start with ‘Dear Customer’.
Never click on any link in an e-mail that is asking you to update your account or install an update. Go directly to the website of the company being represented in the message and log into the account yourself to check the validity of the request (if it was real, the same info will appear when you log in).
If the data breach is more substantial and potentially includes credit card information (e.g., Sony’s PlayStation Network), then cancelling the credit card used for the account and having your bank issue a new card would be prudent.
In addition, closely monitoring your credit card statements and your credit rating with the major credit bureaus will allow you to quickly detect any potential issues.
If the breach included your username and password, you must immediately change your password or cancel the account altogether, and do the same on any other sites that use the same username and password.
The best protection comes from pro-active measures that can help minimize the impact when (not if!) your information gets compromised.
The first is to NEVER use a debit card for any online account, because any amount in dispute will be inaccessible while you work through the fraudulent activity. It can take weeks or even months to get things straightened out with your bank before they make the funds accessible again, so don’t put yourself in that position.
Another preventative measure is to avoid using the same password for all your online accounts. A single password is much easier to remember, but if any one site gets breached, all of your accounts are potentially at risk immediately.
If you really want to ensure separation, you can use ‘e-mail address aliases’ for each of your accounts.
Gmail, for example, allows you to create any alias you want that will get forwarded to your actual Gmail account (other services offer options as well; search the help section for ‘e-mail aliases’).
For instance, if firstname.lastname@example.org is your primary account, you can use username+BofA@gmail.com and all the messages will get to your account but the e-mail address grabbed during the breach would be the alias.
Gmail has terrific filtering based on these e-mail aliases as well, so it makes monitoring activity much easier.
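The alias in the `To:` line also tells you which company an address was given to, so mail that arrives on an alias from anyone else is a sign that the address has leaked. The script below is an added example, not part of the original answer: it reads the `+tag` from each message and compares it with the sender's domain. The sample messages, the `EXPECTED_SENDERS` mapping and the `bank.example` domain are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed mapping (constructed): alias tag -> domains that were given that alias.
EXPECTED_SENDERS = {"bofa": {"bank.example"}}

# Constructed sample messages; only the headers matter here.
SAMPLES = [
    "From: alerts@mail.bank.example\nTo: username+BofA@gmail.com\nSubject: Statement\n\nbody",
    "From: promo@unknown-sender.example\nTo: username+BofA@gmail.com\nSubject: Update your account\n\nbody",
    "From: friend@other.example\nTo: username@gmail.com\nSubject: hi\n\nbody",
]

def alias_tag(address):
    """Return the lowercase '+tag' part of an address, or None if there is none."""
    local = address.rpartition("@")[0]
    _base, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def check_message(raw):
    """Compare the alias a message was sent to with the domain it claims to come from."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    recipients = [addr for _name, addr in getaddresses(msg.get_all("To", []))]
    tags = [t for t in map(alias_tag, recipients) if t]
    if not tags:
        return ("no-alias", None)
    tag = tags[0]
    allowed = EXPECTED_SENDERS.get(tag, set())
    # From: can be forged, so "expected" only means consistent, not authentic.
    # A mismatch is the useful signal: the alias is known to a third party.
    if any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed):
        return ("expected", tag)
    return ("alias-leaked", tag)

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

A message flagged `alias-leaked` should be treated like any other unsolicited request: do not follow its links, and consider replacing the alias on the account it was issued for.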
The bottom line is that data breaches are a fact of life, so start preparing yourself today for what is likely to happen tomorrow!
Posted by Ken of Data Doctors on May 6, 2011