In the last week, three global organizations reported a data breach, affecting over 1.1 billion accounts. But wait, what risk does Dunkin’ or Quora being hacked pose to me? I did not have financial data there. Do not dismiss the risk of a breach even if the compromised site did not hold critical data of yours. Criminals will try your email and that same password against as many other sites as they can. If you use the same password elsewhere, they can easily log in to sites that do have your critical information. The best way to protect yourself is to have a unique password for each website.
So what happened? In a three-day period, Dunkin Donuts reported 500 million of their DD Perks customer records were breached. Then Marriott reported 500 million hacks, which came after a string of data breaches. And on the same day, Quora reported 100 million registered customer records were “accessed by a malicious third party”.
Do you have an account in any of these three sites?
Likely the answer is yes. What information was compromised? If you are a business owner or CEO, you may have exposed sensitive information like credit card numbers, employee data, or travel documentation (like TSA numbers). Note that the Marriott breach happened in June of 2017 and was just reported. According to an article in Forbes Magazine, an independent cybersecurity consultant learned about the breach when he found their information on a Nigerian hacker’s computer.
So to me, this brings up two issues. First, what do you do if your company’s data is hacked? Second, what should you do about your personal information (and your employees’ information) if you suspect it was exposed?
1 – What to do if you discover your company has a data breach?
We would like to give you a cute bullet list here, but there’s only one answer:
- Contact your IT Managed Service Provider Immediately!
- Do not wait — Follow their instructions!
I cannot emphasize this enough: DO NOT WAIT! The longer you wait, the more damage the hacker can and will inflict on your system.
2 – What should you do if your personal or business information was part of a data breach?
- Change your password. See the NENS blog post: Protecting Your Company with Password Security
- Check your accounts for suspicious activity. DO NOT log in to a website to verify activity if you even remotely suspect that the website is infected.
- Use a separate credit card for online transactions (I think there is some saying about eggs and a singular basket…)
- Limit the information you share. See our blog post: How Much Data Does Your Organization Share Without Consent?
- Don’t save credit card information online. It might be convenient, but do not do it!
- Be vigilant and maintain a suspicious mindset online.
Not sure if your security is up-to-date?
If you are using the same antivirus program you had a couple of years ago, have not seen a report testing your security, or do not hold regular training for your employees, there is a 99% chance you are not keeping up. NENS can help. Contact us or send an email to firstname.lastname@example.org. We’ll help you assess your cybersecurity preparedness.