Clock 5 MINUTES

How to Survive a Data Breach

Data breaches are inevitable. Here’s a comprehensive guide on how to protect yourself from becoming a victim.

18 Mar
2020
SelfKey
Identity Wallet
key-icon

Data breaches happen on an almost daily basis. Retail companies, government agencies, service providers, and more, are all vulnerable to hacking. While there is plenty of information available about individual data breaches and how they have affected people, the best way to protect yourself is to take a number of preventative measures.

The data collected in data breaches can be incredibly valuable to hackers. They can sell it to other hackers, use it to drain your bank accounts, or impersonate you. In this article, we outline the best ways to protect your data so that when a data breach does happen, your data is not exposed.

1. Separate your emails

Your email address is one of the most common pieces of information that can be exposed in a data breach. It might not seem like much, but hackers can discover a large amount of information about you from just this one piece of information. Additionally, your email may be easy to find already through social media accounts.

As a result, you should create a separate email for important accounts and another for less essential ones. For example, you can use one email address for all of your entertainment accounts (such as Netflix, Spotify, Youtube, Steam, social media, online games, etc.) and another for more important accounts (such as banking, taxes, finances, etc.). By keeping this information separate, you reduce the chances of valuable information falling into the wrong hands.

2. Use a password manager

Most people have a very bad habit of using the same password for multiple websites and apps. This means that if hackers get access to one password, they can usually access multiple accounts. In order to prevent this, experts say that you should have a unique password for each website and app that you use. Additionally, your password should not be a word in the dictionary, and should contain symbols, numbers, and uppercase and lowercase letters.

While it may seem overwhelming to keep track of unique, individual passwords for each account, password managers solve this problem. A password manager stores all of your passwords in one place. Some password managers can even generate completely random passwords for you (usually a long, random, case-sensitive string of numbers and letters). In some cases, the password manager may have a browser extension which automatically enters your password for you. In others, you have to open the app or website each time to copy and paste your password.

While password managers are a target for hackers because they contain a lot of sensitive information, they are better than any current alternative. If someone manages to hack into a password manager’s server, the data they can access is generally useless. The data will not make any sense unless the malicious actors also have the master password, and obtaining a master password is even more difficult.

When looking for a password manager, something to keep in mind is that a good password manager should not allow master password recovery. If a hacker can get a hold of your master password, it puts all of your online personal data at risk.

3. Enable two-factor authentication

You might employ this already, but two-factor authentication (2FA) puts another wall between your personal information and hackers. In essence, 2FA requires you to provide two different authentication factors when logging into an account. Typically, one of these factors is your password and the other is a notification on your smartphone or email.

While not all online accounts offer 2FA, you should enable it wherever you can, in particular for accounts that may contain more personal information. Your social media accounts, email, online banking, and online marketplaces (such as Amazon) should all have 2FA enabled if possible.

The SelfKey Identity Wallet is a free identity solution for Windows, Linux and Mac. Get yours today!

4. Use platforms with strong security

It’s vital that the platforms you use have a good system in place to protect your data in the event of a breach. Some companies are extremely committed to security, while others aren’t fussed. One good way to get an idea of how good a platform’s security protocol is is to check if they’ve ever experienced a data breach, and what their response was (take a look at the latest data breaches here).

Repeat offenders and platforms that have a delayed (or non-existent) response to a data breach are places where you don’t want your personal data to be. It very well may be in your best interest to delete accounts and remove yourself from the platform. Consider Facebook, which experienced five separate data breaches )affecting nearly nearly 2 billion user accounts) in 2019 alone. While the social media company has said that they are making changes, the numbers speak for themselves. It might be time to get off Facebook (including Instagram and WhatsApp, also owned by Facebook) or at least severely limit your presence on the platform.

Ultimately, it’s up to you if you want to completely remove yourself from a platform, but in some cases it could make a big difference. We also recommend that you do your due diligence before joining a new platform. Check to see if they’ve dealt with data breaches in the past and how it played out. If it doesn’t look good, don’t make an account.

5. Monitor your accounts regularly

You might be able to spot a data breach before a company does if you keep a regular eye on your accounts. In particular, your bank account can be a tempting target for hackers. It’s important to actively monitor your financial statements. If possible, check your bank account and credit card statements online at least once a week. If checking your statements online isn’t possible, make sure you are monitoring your monthly statements. You can also go the extra step of freezing your credit.

Another great tool is Have I Been Pwned?, which allows you to see if any of your accounts have been subject to a data breach. You can even sign-up to receive notifications in the event that one of your accounts is breached. Additionally, if you’ve had data exposed in a breach, you can see exactly what company was involved so you can take action from there.

6. Clean up your accounts

How many of you have an inbox that is full of old emails? If they contain any sensitive information, that could be used against you in the event of a data breach. By keeping your inbox empty and deleting any old emails containing your personal details, you’re ensuring that there is nothing of value in the event that your account is hacked.

Additionally, malicious actors can hack into your email and threaten to release personal information (in particular explicit photos and messages) to the public for a ransom. If you don’t pay up, your reputation could sadly be ruined. Naturally, this data is even more valuable if the victim is a public figure, such as when the National Enquirer allegedly threatened to release photos of Jeff Bezos and his mistress.

You should consider updating any old accounts too. Payment methods you don’t use anymore, old addresses, and more can be extremely valuable. If you don’t use an account anymore, consider deleting it entirely or at least strip any personal identifying information off of it. 

7. Increase your privacy settings

Is your Facebook profile public? What about Instagram? Who can see your posts? If there’s any information you don’t want to be publicly available, delete it and increase your privacy settings on social media. By removing information and making it harder for people to find you, you stand a better chance of weathering a data breach.

It’s also a good practice to be critical of anyone (friends or not) who randomly starts messaging or calling you asking for seemingly random information or funds. This is called social engineering and is a popular way for hackers to make off with your personal information and your money too. Additionally, familiarize yourself with phishing scams and what they look like.

Conclusion – Surviving a data breach

Data breaches are inevitable, but with the above tools, you are well on your way to making sure that your personal data is protected. Unfortunately, most people do not understand the gravity of the problem until they are personally affected. Taking a proactive approach to your personal data is incredibly important in this day and age, especially when you consider that there is a new victim of identity theft every 2 seconds just in the United States.

While we can hope that companies will begin to take a more proactive approach to user security, that may be a way off. For now, the responsibility lies with the individual to ensure that they are doing all they can to protect themselves. The situation isn’t ideal, but hopefully change is on the horizon.

This is why SelfKey is working on an end-to-end self-sovereign identity management system which will do a far superior job of protecting you from data breaches. You can learn more about our solution here.

Want to learn more about SelfKey? Check out this third party review.