Data breaches like Talk Talk, Three and Wonga continue to make headlines and shine a light on concerns regarding the protection of private data and personally identifiable information (PII). UK consumers continue to be caught up in the aftermath, but fortunately there are steps you can take to avoid serious ramifications in the event of a cyber-attack. We’ve collated five tips that will help if your personal data gets breached:
Tip #1: Dedicate Time to Your Digital Accounts
Make a list of all the organisations, financial institutions, websites, apps, and other entities that could be at risk because your information has been compromised. Then spend an hour and change your online passwords (see tip #3), and sign up for the credit monitoring service that the breached organisation will most likely offer.
Next, lock your credit rating to mitigate the financial aspects of identity theft. Unless you apply for credit cards and loans every month, contact the three major credit rating companies (Equifax, Experian and Callcredit) and apply a security freeze to your credit history. This will safeguard your information from the possibility of a criminal opening new credit cards or loans against your credit.
Be sure to also remain vigilant over the state of your accounts in the coming months.
Tip #2: Anticipate Cybercriminals Will Impersonate the Breached Brand and Offer “Help”
Organisations that have been breached will often use email and social media posts to contact potential victims. Cybercriminals are sophisticated and savvy and will impersonate the same brands post-breach, knowing customers are expecting communication. Cybercriminals will fake the display names on emails or create fraudulent social media accounts to trick worried victims.
To ensure secure communication don’t click on the link in potentially fraudulent email or social media posts, always call directly or visit the company’s main website to log into your account and immediately change your credentials using a strong, unique password as detailed below.
Tip #3: Play Hard to Get, Regularly Change Your Credentials
We recommend regularly changing your login credentials, using strong passwords that conform to best practices. Never use the same identifier across more than one account. If possible, make your passwords at least 8-15 characters long with mix of upper and lowercase letters, numbers, and symbols. An example is @str0ngpa$$worD.
Be sure to also enable the two-factor authentication option – if available – which sends a unique code to your mobile phone or email for every login. For email in particular, implementing these changes will help you avoid identity theft or fraud and stop attackers from using your legitimate email account to target other victims.
Tip #4: Your Personal Email Account is the Key to Your Kingdom, Guard it Accordingly
If your personal email is compromised by an attacker assuming your identity, it could expose all your contacts to an immediate threat and allow the attacker to reset all of your other account passwords. This includes your banking access, social media accounts, mobile payment settings, phone details, and more. By taking advantage of personal email accounts, hackers exploit the digital trust that exists between the email sender and receiver.
If you suspect your email account has been compromised, immediately change your email password. Then, alert your contacts — remind them to not click, ask them to delete the previous email from you, and update their antivirus and anti-malware software. Finally, if you did click a malicious link or have other reason to believe you were exposed to malicious software, contact an IT professional and have them scan your computer for malware.
Top #5: Beware of Fraudulent Emails, Websites, Texts, and Scam Calls
Don’t click or respond to anything suspicious, as doing so might put you on a cybercriminal’s radar. If an email arrives claiming to be from a known website, type that website’s home page directly into your browser, then navigate in appropriately. Unknown website? Avoid it.