How To Minimise the Fallout From a Data Breach

There used to be a saying that 'nothing is certain except death and taxes'. Well, I now think it needs to be amended - and 'data breaches' needs to be added on the end! Regardless of where you live, not a month goes by without details of yet another data breach hitting the news headlines. This year has seen some of the biggest, most damaging breaches in recent history. According to the US Identity Theft Resource Centre, over 1 billion people were impacted by data breaches in the first 6 months of 2024. Up to 560 million people worldwide were affected by the Ticketmaster data breach, 30 million in the Ticketek breach and all AT&T's cell customers had call and text records exposed in a massive breach. And that's just a few quick examples.

What Is A Data Breach?

A data breach happens when there is unauthorised access to sensitive, private, or confidential information. This could include account details, purchase histories, customer identities, payment methods, or confidential private data, for example, medical records.

There are a few different ways that a data breach can happen. Firstly, hackers may exploit weaknesses in systems, networks, applications, or even physical security to gain unauthorized access to sensitive information. These hackers may be acting alone or be part of a larger ring. Secondly, it could happen by a 'malicious insider' - a disgruntled or recently sacked employee who wants revenge by hurting the company or, an employee who wants to profit off the company's data by selling it online. And lastly, it can happen accidentally - when an email containing sensitive data ends up in the wrong hands, a laptop with sensitive data gets stolen or even a USB drive with confidential data is lost.

It Feels Like There Are More and More Breaches. Is that True?

It's hard to really know whether there has actually been an increase in data breaches or if the new reporting laws mean we are now aware of new breaches. For years, data breaches have likely been occurring without our knowledge. In Australia, there has been a consistent rate of data breaches since 2020 - about 450 every 6 months. And while this is higher than when the mandatory reporting laws were brought in in 2018, this could be explained by an increased vigilance by the companies themselves.

Is It Inevitable That We Will All Be Affected?

Over the last 2 years in Australia, we have had some significant data breaches that have affected more than 10 million Aussies each time. In 2022, the Optus and Medibank breaches each affected around 10 million Aussies, in 2023 the Latitude Financial breach affected 14 million consumers and the recent Medisecure breach in May 2024 affected close to 15 million customers. And who can forget the Canva data breach in 2019 that affected 139 million customers worldwide? And that's only the large ones! It's now widely accepted that most Aussies would have been affected by a data breach with some affected on multiple occasions.

So, I believe the time has come when we need to accept that data breaches are part of modern, digital life and redirect the energy we could use worrying into protecting ourselves so that the fallout will be minimal. Here are three areas where I suggest you spend some energy.

1. It's All About Passwords

Ensuring you have a unique, long, and complex password for each of your online accounts is the ABSOLUTE best way of protecting yourself in case of a data breach. Let me explain. It's pretty common for hackers to steal customer's personal data as part of a data breach and this will include login credentials. Hackers will then use bots to test the stolen email and password combination to see where else they could possibly get entry. So, if you've used the same password elsewhere then you could be in for a world of pain.

But let's keep it real. Many of us don't have a separate password for every online account. It takes a lot of work to reorganise your digital life. Most folks have a handful of passwords they use on rotation. But as you can see, this isn't ideal.

And remember, if you find out a company you have an account with was hacked, change your password immediately. And of course, if you have used that password, or even something similar, on any other accounts then you'll need to change it too.

Why a Password Manager Might Just Be Your New Best Friend

The best way to get on top of this whole situation is to invest in a password manager like McAfee's free software TrueKey that can both generate and remember super complex passwords. With many people having 100+ online accounts, you would need to have to be a member of Mensa to remember all those passwords on your own. A password manager takes all the stress away.

1. Multi-Factor Authentication

If someone has managed to get their hands on your email/password combination but you have multi-factor authentication in place then you will be protected as it will stop any unauthorised access to your account. How good!! So, if any platform or company that you have an account with offers it then PLEASE action it.

Now, there are two main types of two-factor authentication: one that sends a code via text message, and another that uses an authentication app, typically installed on a mobile device. Since phone numbers can be hijacked and text messages intercepted, I always recommend using an authentication app for added security.

1. Be Careful What You Share

Believe it or not, a company's security breach may not be the reason that your data is stolen. All it can take is a small slip-up - and remember we are all human! Here's what you need to do to be vigilant:

• Shred all documents that contain sensitive information. Don't just throw them in the bin.
• Be wary of providing sensitive information over the phone
• Avoid clicking on links in emails. Instead, visit the company's website directly
• Use security software such as McAfee's Total Protection
• Never share sensitive information over Wi-Fi
• Use credit cards where possible as they usually offer stronger fraud protections than debit cards

1. Be Alert and Informed

Staying up to date with the news and abreast of data breaches is a great way to stay vigilant. Services like Have I Been Pwned allows anyone to check if their email addresses or phone numbers have been involved in a data breach. Simply enter your email address on their site, and they will provide a list of breaches in which your information was compromised. Firefox also offers data breach alerts, while Apple lets you check for leaked passwords stored in iCloud.

You can also subscribe to credit monitoring services which will alert you to any major changes in your credit report that could indicate identity theft or fraud.

I also recommend taking the time to check your bank and credit card account statements for anything unusual or unauthorised. And always report anything suspicious to your bank ASAP.

1. Don't Overshare

I also recommend that you rethink everything you share online. Remember, anything you share online could resurface in a breach and that includes private messages, photos, and social media posts. If you do need to upload sensitive files to the cloud for storage such as a picture of your birth certificate or passport, why not encrypt the image first so that no one else can retrieve it?

Encrypted messaging services are also a great idea if you are concerned about your privacy. I'm a big fan of Signal but WhatsApp and Telegram are also good options.

So, the bad news my friends, is that data breaches are inevitable unless you are planning on dropping out of society and living off the grid - tempting, I know! But the good news is that there are steps you can take to 'future-proof' yourself for that moment when you will be affected. So, rethink your password strategy, turn on 2-factor authentication, limit what you share, and you'll make it hard for cyber criminals to get entrenched in your digital life.

Till next time

Stay safe online

Alex

Public link

Please use the above public link if you want to share this noodl on another website.