|
As I say, another day, another high-profile data breach. Take the Marchs’ iOS debacle which reported the IOS X app was sharing crash reports with the platform even if users had opted out. Or AT&T’s March data breach impacting over 73 million. By now it’s easy to become numb to the news and hence the challenge!
It doesn’t help that it’s hard to visualize how individuals into the equation. Sure, it’s our data being stolen and leaked, yet the press often focuses on the business side of things leading to a personal sense of detachment about the consequences of breaches. Compounding that challenge are the dual facts that the perception is that neither our political nor legal system has supported individuals through their actions or inactions. Of course, this creates the scenario where one feels powerless and accordingly fail to take specific concrete steps, we recommend mitigating their exposure like utilizing better cyber hygiene (multi factor authentication, password rotation and strategies) or freezing their credit,
As I reported recently in late April, The UK has banned many of the more commonly used and vulnerable passwords!
Several months ago, the Supreme Court failed to hear a case that could have unified various lower court’s position on the standing debate and set a national policy. And although some cases have been allowed to proceed, most defendants remain victorious so plaintiffs can recover their financial and other losses to hold defendants accountable.
I’ll walk you through what a data breach means for you, why you should care, and what to do if you’re involved in a leak
.
What is a data breach?
A data breach happens when personal data is unlawfully disclosed, accessed, lost, altered, or destroyed via a cyber-attack or other nefarious means, like phishing scams. They can be accidental or calculated attacks, and range massively in scale.
According to the 2024 Verizon Data Breach Investigations Report, 68% of all breaches involved a “non-malicious human element,” caused by a person who either fell victim to a social engineering attack like phishing or made some type of error, like sending sensitive information to the wrong person.
How do data breaches happen?
Some data breaches are purely accidental like if a co-worker checks out a file on your computer without having the right authorization, that’s a breach, even if they don’t speak about what they saw.
A phishing attack usually takes the form of a text or email that aims to dupe you into clicking a bogus link, downloading a dodgy file, or otherwise handing over identifiable information.
Criminals aim for this data, and these are the stories that make the news. They employ a variety of techniques to get what they want by planning their digital heists. They look for vulnerabilities, overdue updates, or employees who might just be susceptible to a phishing attack. Then, when the criminals get into the corporate network, they seek the juiciest files and data like your name, address, email, phone number, and even your recent purchases, which they’ll sell to interested brokers.
What are the consequences of a data breach?
Click into any news story about a data breach and you’ll often see how the company has been impacted. Maybe they’ve lost millions of dollars, been lumped with a lawsuit, or are implementing new security measures. The cost to us tends to get glossed over. The truth is that, armed with your login details, a cybercriminal can wreak havoc. Oftentimes it’s failing to patch a vulnerability like many in the aftermath of Progress Software MOVEit attack last year. Or the Solarwinds cyber attack resulting from the use of a default password (Solarwinds 123). In fact, we picked up an international governmental client years back as the company password in use by all employees was Password1234.
These are not small or medium sized businesses so, if their policies are lax, how confident are you with yours?
Although I always advocate folks to utilize complex and unique passwords, lots of people don’t. You’re making a hacker’s day because the first thing they’ll do if they get hold of your password through a breach is checked to see if it’ll work on other sites, too. It’s called credential stuffing and can escalate the impact of a breach.
So, if you have an ancient social media account being involved in a breach and receive a breach notification but have used the same password for years, that old account could lead criminals right into your banking apps.
What damage can this cause?
Criminals that access your email account can change the password without you realizing it right away, and then do their best to force access to your other accounts.
One of the most devastating consequences of a data breach is identity theft. It’s easy for a criminal to pretend to be you online when they possess your personal information. Armed with this they have all the tools they need to dupe security questions, embroil you in legal trouble, take out loans in your name, and buy all sorts of expensive stuff for themselves that you’ll pay for.
What you can do after a data breach
If you’re doing your daily scroll on social media and notice that a service, you use has been involved in a data breach—don’t panic. There are a few things you can do to get ahead of the criminals behind the attack. Don’t sit and wait!
Companies don’t want to admit they’ve suffered a breach because it’s embarrassing. Instead, head to haveibeenpwned.com to see if you need to act. Look at the story to get a sense of how serious the breach was, but remember, sometimes a company won’t share all the details of the incident, either to save face or because the scale is currently unclear.
Then, it’s time to brush up on your digital privacy habits as enumerated above. To recap again:
- Beef up your passwords: Log into the affected account and change the password IMMEDIATELY! This thwarts credential stuffing attacks that try to log in to sites by cross-referencing popular passwords with stolen account details. Remember, use numbers, symbols, and the weirdest non-dictionary terms you can think of. And while you’re at it, do the same across ALL your accounts you use on the internet.
- Use multifactor authentication: a vital tool when it comes to preventing criminals from taking over your accounts and should be enabled whenever available. It requires you to log in with your password and a code that’ll be messaged to you, meaning a stolen password is just about useless on its own.
- Keep an eye on your account: if you think you might’ve been affected by the breach, review your recent account transactions. If you spot anything suspicious, report it, and set up alerts that’ll notify you about any account activity.
- Rein in the oversharing: We’re all prone to sharing details of our lives online. Snippets of everyday life, career updates, announcements about new houses or trips are utilized by criminals who use it to impersonate you and force access to your other accounts. Plus, our blasé attitude to data sharing can desensitize us to the real impact of breaches.
- Invest in a VPN: While a VPN can’t keep companies from being targeted by criminals, it can keep your data safe as you go about your day-to-day browsing. The best ones create an encrypted tunnel between your device and the wider web and, when your data travels through it, it’s encrypted, and unreadable to any would-be snoopers.
Turn to us to maximize your cyber hygiene and insulate yourself from regulatory and legal challenges – we are an international firm that works with businesses off all sizes and with its’ individuals.
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
LinkedIn
to subscribe to Cyber Insights Today
to subscribe to LinkedIn Newsletter Cyber Security
Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
|
2 thoughts on “Data Breaches Impact You and Why It Matters”
Data breaches? Just another reminder of our vulnerability.
Nah, it ain’t just vulnerability. It’s about learning and getting stronger. Keep hustlin’, ya know?