Interested in our Cybersecurity Framework?
Protect Your Mobile Devices from Malware!
Interested in a Free Phishing Security Test?
If you're interested in assessing the Phish-prone percentage of your users, contact us to arrange a free simulated phishing attack.
You feel powerless when it happens: an email or notification arrives, informing you that your business data has been compromised. Unfortunately, data breaches are becoming increasingly common.
Data breaches happen at banks, charities, and ecommerce stores. Not only that, but governments are also victims. This leaves things like addresses, credit card details, and other sensitive information exposed to thieves.
While you can’t control a business getting hacked, you can take proactive steps afterward. Below, we’ve outlined key actions to help you minimise financial losses and protect yourself moving forward.
Carefully Review the Breach Notification
It’s important to understand exactly how the data breach may impact you. Review the notice you received. Additionally, look for updates on the company website.
These are the things you should be looking for:
- The type of data exposed (passwords, card numbers, etc.)
- What reparations the company is making (e.g., credit monitoring)
- Any instructions given to secure your account
Regularly check the company’s website. Often, they don’t immediately know how far reaching the breach is. You may check back later and find out other types of sensitive data were exposed.
Identifying and Isolating the Damage from a Data Breach
When a data breach occurs, acting quickly to understand the extent of the damage is essential. By identifying and isolating compromised data, you can prevent further harm and secure your sensitive information. Here’s how:
- Determining what was exposed: Review the breach notification carefully to understand what types of data were affected. Identifying the compromised data will guide your next steps, like changing passwords or freezing your credit.
- Check for unauthorised activity: Regularly monitor your financial accounts, email inbox, and online profiles for any unauthorized activity following a data breach. Look out for suspicious transactions, login attempts, or password reset requests, as these can indicate that your compromised data is being misused.
- Isolate infected systems: If the breach originated from your device—such as malware or a phishing attack—disconnect it from your network to stop the spread. Run a full security scan to identify and remove any malicious software. A managed service provider (MSP) can assist with these technical steps, ensuring your system is secure and the threat is eliminated.
Change Your Passwords
Depending on what the breach notification identifies, one of the first tasks is to change any passwords associated with the breach. Change the password for the service that sent you the breach notification first. Then, change it for any logins using the same password.
This is one of the reasons it’s a best practice to use unique logins for every site. Many people get in the habit of using the same password in several places. This leaves more than the single breached login at risk. Use a password manager to help you create strong passwords. You only need to remember one to access all the others.
Enable Multifactor Authentication (MFA)
Multifactor authentication can keep accounts secure, even if a hacker stole the password. Enable it for the breached service. Then, ensure you have MFA activated for all other logins, where possible. MFA is also called two-factor authentication or two-step verification.
Common forms of MFA are:
- Text message
- Authentication app
- Security key
Check Your Bank Accounts
If payment card details were breached, check bank accounts. You’ll want to watch these for several weeks for fraudulent charges. Report the breach to your bank to have them issue you a new card, if needed.
Notify your bank about the 3rd party data breach. This can help keep you from being held responsible for fraudulent charges. Your bank can then help you with appropriate steps to avoid fraud.
Freeze Your Credit
Online criminals will often sell breached personal details. These details can enable someone to take out credit in your name. Contact the three credit agencies. They each have ways to freeze your credit to protect you. You can do this right on their websites.
The three credit agencies are:
- Equifax
- Experion
- TransUnion
Improve Device Security and Cybersecurity Protections
Make sure you protect your device and network. There are some simple tools you can use to improve personal device security. These include:
- An effective antivirus/anti-malware program
- DNS filtering to block malicious sites
- Email spam filtering for phishing
Another form of protection you can use is a VPN. This helps mask your traffic. It is especially helpful if you’re using a public Wi-Fi. VPNs are easy to use. You can use VPNs for both computers and mobile devices. A managed service provider, like VirtueUK can help set up these protections for your business, providing ongoing monitoring and support.
Be on the Lookout for Phishing Scams
Emails are often exposed in data breaches. This means you may receive an uptick in phishing emails. Phishing is very convincing since criminals are rountinely improving their strategies. Phishing emails are often difficult to identify as they are effective at replicating the genuine article.
Stay vigilant for any unexpected emails. Follow best practices to avoid becoming a phishing victim:
- Hover over links to see them
- Go to websites directly. Don’t click email or SMS links
- Beware of unknown senders
- Watch for phishing on social media and text messages
- When in doubt, double check through an official source
Make Sure to Update Software & Systems
Hackers often exploit unpatched vulnerabilities. How do you get unpatched vulnerabilities? Most of the time it’s from failing to keep software updated.
Make sure to update your device operating system. Update all apps or software on your devices. Update firmware for routers and printers, and update firmware for smart devices. Automating your updates is a good way to stay protected.
Engage a Managed Security Service Provider You Can Count OnTrust
A trusted managed service provider can help safeguard your devices and data at work and home. Whether you need help improving device security or recovering from a breach, we’re here to assist.