According to the 2011 Data Breach Notifications Report from Massachusetts’s Office of Consumer Affairs and Business Regulation, nearly half of the area’s residents have had personal information lost or stolen as a result of about 1,800 data breaches over the past four years. As such, people are finally starting to ask what they need to do to protect themselves from personal data breaches.
The truth is there is little we can do once our personal information is given to third parties. We can only cross our fingers, and they can pinky promise that personal information won’t be compromised. The information security measures undertaken by companies vary greatly, with some companies doing a great deal, and some doing hardly anything. Even if a company has 99.9% security coverage there is still a risk that your data may be leaked. Persistent attackers will constantly try to breach data, such as credit card and banking information.
Then there is the huge issue of cascading attacks from an initial site due to username and password reuse. This allows attackers to attack the low hanging fruit of the Internet – such as blogs and forums – and use the data gained from these sites to access more sensitive data on other sites. Blogs and forums are typically the weakest for security because the people responsible for maintaining the sites are often more concerned with other issues like content, advertising and revenue, rather than the security of the site or plug-ins.
All it takes is one outdated version of the content management system or plug-ins to compromise everyone’s data. It’s really not a question of if, but when will this occur. This is why everyone must plan for a breach. It does us no good to stick our heads in the sand and pretend it won’t happen. So what should we do as consumers? Hopefully the following tips will help you limit the impact of data breaches.
Limit the Impact of Data Breaches
Often the initial breach doesn’t reveal much, but the re-use of compromised credentials on other sites leads to higher impact personal data compromises.
Close Old Accounts
Sometimes we tend to leave old email, business, and social media accounts active even though we don’t use the service anymore. Over time I’ve seen old accounts breached and reused for malicious purposes. If you don’t use a service anymore simply close the old account.
Avoid Password Re-Use
Password re-use is really common because it makes life easy on the Internet. There are two things you can do to help with this issue. My number one rule is to avoid re-using your primary email account password. The primary email account can be used to reset other accounts such as banking and social networks. I also recommend using software such as KeePass or LastPass that can automate password authentication on websites.
When password reuse isn’t the issue, we see that users are being compromised because of weak login passwords. For example, if someone is attacking a religious website they may use important names from the Bible. My advice to users is: don’t be so predictable with your password selection.
I recommend users to come up with easy-to-remember passphrases, as they can be computationally harder to crack, while being easier to recall. You can even use phrases that are familiar to you like movie titles or a song; something simple like “PleaseWipeYourFeet!” serves as a very secure password.
Beware of Phishing
Phishing is an email-based social engineering attack where people try to gain credentials or personal data by luring victims to malicious sites or enticing them to open files containing malware. The old saying that “if something seems too good to be true it probably is” holds true when it comes to identifying phishing email scams. Sometimes these emails can fool to even the savviest users. You can usually spot malicious emails by verifying the sender’s email address or hovering over any links to preview the destinations. Be aware that attackers sometimes use URL shorteners to mask their intentions. If you can’t verify the domain via a quick web search, it could spell bad news.
Apply Patches Regularly
We consistently see attackers exploiting vulnerabilities in old, unpatched software. Updating your system regularly with the latest patches, such as those issued by Microsoft and Adobe, helps you to ensure your system has the most up-to-date fixes for these found vulnerabilities. Unfortunately, many consumers continue to use outdated software for a long time after it ceases to be supported, unaware that they are using software riddled with serious vulnerabilities. Consumers and organizations must realize that upgrading software isn’t just about making the vendors money; it’s also about protecting yourself against future vulnerabilities. So patch early and often, and keep your software licenses and versions up to date.
Use Discernment with Disclosure
I encourage everyone to limit the amount of online services that they share their information with. We see, especially with the younger generation, a willingness to sign up for and engage on new online services, particularly when it comes to social media. In many upstart services, security is the last thing on their minds. Before signing up to new services, you should check out their data retention policies, because many services will retain your personal information or sell it without your knowledge.
Following these simple tips listed above should significantly help you protect your personal data from future breaches.