Recovery After A Data Breach – Cyber Security Awareness Month 2017
You have done everything you are supposed to: You don’t use the same password more than once, you don’t click on the fake links in your email or on websites, you use two-factor authentication when you log into websites and you have credit monitoring on your accounts. Then you learn a company you rely on to keep your data private has been hacked. The company has suffered a massive data breach and hackers have your private information. Now what?
First, be aware scammers may have obtained your email address and sent you a falsified email message. After a major data breach, such as the recent one with Equifax, hackers often send emails to people trying to get anxious individuals to click on provided links to phishing websites, sites that may look legitimate but ask people to enter private information the cyber criminals then steal. Instead of clicking on links in these types of messages, look up the stated company online and go directly to the website identified by the search engine rather than clicking the link in the possibly falsified original email; better yet, contact the company by telephone and check things out verbally first. In the case of Equifax, the company added a web link and additional information on their page enabling people to check and see if they were affected.
Second, understand your options. The Federal Trade Commission has set up a site that provides additional information: https://identitytheft.gov/. This site can help put together a plan of action both before and after your information has been used by hackers. The FTC offers preventative measures like freezing your credit and signing up for credit monitoring. They also include a list of sites you can visit to see if your information was leaked.
As we become more and more digitally connected, we know these types of issues will continue to happen. Being prepared and having a plan when – and it is when and not if – a data breach happens will allow you to minimize further damage.