It’s become a disturbingly common affair: a company discloses that it’s been the victim of a data breach, exposing the personal data of millions of customers. It’s easy to become numb to the headlines, but the fact that there have been so many cyber attacks is reason to be vigilant.
This year alone, we saw a hack of the file transfer tool MOVEit affect British Airways, BBC, IBM and more. T-Mobile reported two breaches, with the first in January affecting 37 million customers. Others include Duolingo, Pizza Hut, KFC and even ChatGPT. With so many attacks, it’s only a matter of time before you’re caught up in one.
So what do you do?
Here are a few steps to follow to better protect yourself. While nothing you do can 100% protect you from an attack, or stop someone from using your info against you, these actions will help mitigate the risk and make it a lot tougher for scammers. And given the sheer volume of victims, sometimes the best you can hope for is that your protections are enough of a hassle for them to move on.
Step 1: Move quickly when informed
A company is obligated to disclose whether the information you’ve supplied to them has been exposed, so keep an eye out for those notifications. Once notified, move quickly. Speed is of the essence when working to protect yourself.
Figure out what information has been exposed. That will help you determine the steps you need to take.
Just keep in mind that while a company needs to disclose that you’ve been involved in a data breach, it may not be so forthcoming with the details.
Step 2: Look at your passwords
If you’re like many people, you tend to recycle passwords across different accounts. It’s an awful practice – but given how many accounts people juggle, it’s understandable why they’ll resort to that. If one of those passwords happens to be one caught up in a breach, a hacker potentially has access to many different accounts and services in your name.
So if you are someone who uses the same password over and over, change them!
Better yet, sign up for a password manager, which will auto-generate different, complicated passwords for all of your different accounts, leaving you with just a single password to remember.
But keep in mind that even password managers can be breached, as happened with LastPass late last year. Bitwarden offers a fairly complete version of its password management software for free, while services like 1Password and Dashlane offer more bells and whistles if you’re willing to pay a premium.
Just know that they’re not immune to attacks (look at LastPass), so you may need to be prepared to move services if one shows it can’t adequately protect you.
Step 3: Two-factor authentication
Adding a second layer of protection onto your most critical accounts is also key. That usually means two-factor authentication, in which you’re sent a second, randomized password or PIN to enter on top of your standard password, further ensuring that you are, indeed, you.
This is a feature offered by all banks and many services, so take advantage of it when possible.
Many offer text message-based multi-factor authentication, but given how easy it is for your cellphone number to get exposed, security experts recommend using an authenticator app like Google Authenticator or Authy. For those particularly vigilant, a physical fob like one from YubiKey is the ideal solution.
Step 4: Work with the credit agencies
You can file a fraud alert with the three credit bureaus, Experian, TransUnion and Equifax. That will have the agencies contact you for verification if someone attempts to file a credit application in your name.
Keep in mind the fraud alert only lasts for a year, after which you can manually extend it yourself.
You can also request to freeze or lock your credit, which limits or restricts other businesses from accessing your credit. Keep in mind this can be a hassle if you’re doing something like signing up for internet service, since the freeze will prevent the company from accessing your information.
Step 5: Continue to monitor your credit and accounts
Even after you lock your credit down, you’ll still need to keep an eye on your different accounts. But sometimes, that can be overly burdensome, and it’s only human nature for that vigilance to fade over time.
You can choose to sign up for a service like Norton LifeLock or American Express’s CreditSecure to keep ongoing tabs on your accounts and passwords. These services keep tabs on whether your passwords or accounts have been exposed, and give you regular updates.
At this point, it’s also good practice to look at inactive accounts, whether they’re old email accounts or accounts with some retailer, and shut them down. The smaller your digital footprint, the harder it is for a scammer to notice you.