Businesses can’t seem to stop hackers looking to steal customer data. The list of companies prayed on has grown long indeed and includes well known names like JP Morgan, Home Depot and Target. And that’s just what we know about. Every unexplained website outage is met with raised eyebrows. Was it a glitch? Was the site hacked? And when would they us if the latter was true?
Everyone seems to agree that companies should do more to protect the people who’ve entrusted them with valuable data, but the trend of high-profile hacks seems likely to continue in the near future. For now, consumers can do little but prepare and respond as threats occur. Here’s how you can protect yourself.
Educate Yourself About The Risks
The headlines announcing major breaches are, in fact, only part of the tale. Smaller companies and organizations are breached regularly, and these smaller stories are rarely front-page news, if they’re news at all. Many victims of these minor incidents never realize there’s a problem. After all, most of us deal with hundreds of companies a year. Keeping tabs on whether they’ve been hacked (or not) is difficult at best.
DataLossDB.org can make life a little easier, however, as can the site’s Twitter. DataLossDB shows the latest known breaches on its front page. You can also sign up for a weekly newsletter summarizing all data loss incidents in the previous week. Following the site on Twitter or signing up for the newsletter can take a lot of the virtual legwork out of keeping yourself informed about new security threats.
I also recommend checking out our list of the top security blogs. You don’t have to follow them all, but checking just one every week can be helpful and keep you informed.
Manage Your Passwords
Changing your password is a must if you have an account with a company that’s been hacked. Not all attacks focus on passwords, but a great many do, and a compromised password can be used to gain full access unless two-factor authentication is available. Worse, the login may appear legitimate, making it more difficult for you to claim it was actually someone else.
But changing your password is just the start. It’s also wise to take proactive measures that will protect you from further breaches of security. PwnedList, a website that monitors the web for leaked data that includes your email and password, is a great way to shield yourself. The service is free and can automatically notify you if a leak occurs, giving you the chance to change your password before damage occurs.
It’s also wise to use a password manager. This will help you develop more secure passwords, which is always a plus, and will make changing your password easier if it becomes necessary. The best options can span multiple devices including smartphones and tablets.
Use Your Credit Card’s Security
Many consumers become alarmed when they hear about a breach because they believe their credit card will be used to make false purchases. That can happen, but consumers are rarely held accountable. In the United States, for example, citizens cannot be held responsible for any fraudulent charge that occurs because of stolen information and are responsible for only $50 if the charges occur because the physical card was lost. Only fraudulent debit charges can result in full loss of funds, and even then only if you fail to report it within 60 days.
Still, fraudulent charges can be inconvenient. You’ll have to contact the bank or credit card company, and the more charges made, the more of a hassle it’ll be. That’s why you should enable as many security features as possible. In particular, many credit cards offer a notification system that automatically informs you when a charge larger than a certain amount is made or when a “card not present” transaction occurs. Options vary, but the best credit card companies will even notify you about “suspicious activity,” like a sudden string of charges originating thousands of miles from where you live.
With these notifications enabled you can immediately contact your card provider and resolve the issue. You’ll still have to call, but the process will be easier if you notice the fraud when it occurs instead of a month later when you check your monthly statement.
Close Old Accounts
As you patrol for information about data loss incidents you may run across breaches of companies you don’t regularly do business with, but still have a chance to impact you. Companies tend to store data for a very long time and consumers tend to open accounts, then forget about them. This turns into a recipe for disaster.
If you have to respond to a breach, ask yourself whether you really need the account in question. Many people open a company credit card or membership to score a sweet deal, then promptly forget until something bad happens. If your data is lost, and you don’t do much or any business with the people who lost it, then simply cute your ties. Close your accounts, zero out any balances remaining, and go somewhere else.
This may or may not purge your data from their computers, as many companies hold on to data for some time after an account is closed. But closing the account will make compromised data less useful and will give you one less front to worry about in the war for your privacy.
Become A Skeptic
Headlines about high-profile hacks usually focus on the loss of password or credit card information. Everyone knows this data is important, so it makes a good story. But the avenues of attack extend beyond simply charging false purchases or logging in to an account with a stolen password.
In the Target hack, for example, the attackers grabbed names, addresses, and phone numbers. With this information it’s possible to craft fake emails, letters or even phone calls that look a bit more legitimate than normal. If you receive a email asking you to “confirm some information,” and the same email contains your name and address, you may absently believe it’s valid.
This technique is called “spear phishing” because of its precise nature. While not as common as generic phishing spam, it can be very effective. In one case hackers posing as the Better Business Bureau managed to snag data from 1,400 company executives. Each email contained some information relating to each exec’s business, and appeared through an avenue they were likely to believe was legitimate, factors which made the attack very effective.
The lesson here is unfortunate, but simple; never let down your guard. Assume that any unexpected email, text or phone call could be a phishing scam and respond accordingly. Visit sites through your browser rather than by clicking on links, verify phone numbers are authentic before calling, and never respond to an unsolicited email with personal information.
Look (Carefully) For Your Free Credit Report
Large companies that are successfully attacked by hackers face a serious problem. The breach potentially puts the company on the hook for any damage a customer suffers due to their negligence. In addition to dealing a double blow of bad PR, customer damages (and the lawyer fees required to deal with the claims) can drain a company’s bank account.
That’s why most companies suffering a major data breach follow up with a free credit monitoring offer. You’ll often receive notification of this via mail, though sometimes it’ll appear through email instead. The service level is usually the most basic available, so you’re just signing up to be notified if someone opens an account under your name, but it’s better than nothing.
Keen readers might notice a vulnerability in this security measure. If a company that’s been hacked announces they’ll be offering free credit monitoring they’ve just made their customers ripe for a good ol’ spear-phishing attack. Double-check what you receive and try to verify the offer through the official company website before making a call or clicking a link.
How Would You React?
Data breaches are prevalent, but they’re not something that should keep you up at night. The identify theft horror stories that make consumers quake in fear are rare and are usually the result of targeted attacks rather than a massive breach, though data leaked in a breach could make stealing a victim’s identity easier.
Have you done business with a company that was hacked, and if so, what did you do when you learned of it? Let us know in the comments.