The effects of a data breach can’t be overstated. Even with all the prevention in the world, a good hacker can sometimes find their way into your network. Security is asymmetrical, while you need perfect defenses, a cybercriminal only needs a tiny hole to get into your network.
Unfortunately, because of the asymmetric nature of security, sometimes breaches do occur. So, you’ve been breached. What should you do now? Here are 5 things you should do ASAP:
1) Determine what was stolen
You’ll need to pin down exactly what information was in the data breach. Sensitive information falls into three general categories:
- Least sensitive: names and addresses. You can find most of this data online, so this is pretty harmless
- More sensitive: email addresses, dates of birth, and payment-card account numbers
- Most sensitive: social insurance numbers, online-account passwords, financial account numbers and payment security codes
A password combined with an email address can easily be used to hijack online accounts, and with your SIN and name almost anyone can pose as you. Unfortunately, it’s also very difficult to replace your SIN.
2) Change all affected passwords
If any of your accounts are compromised, change your password RIGHT AWAY. And if you used the same password for any of your other accounts, change those as well, and create a new, strong password for each account.
If you’re concerned about forgetting passwords there are many inexpensive or free password management systems with military grade security. You can save your passwords there, so you only need to remember one.
One more tip, if any accounts offer two-factor authentication, use it! Even if a thief has the right password they can’t get in because they won’t have the code that is sent to your phone.
3) Contact Relevant Financial Institutions
If a bank-card number is stolen, contact the bank or institution that issued the card immediately. Make sure you speak to a live human representative. Explain the situation and ask them to alert you if they detect suspicious activity.
Provided that you notify the bank or card issuer before fraudulent transactions take place, or very soon afterwards, you’re covered. The longer the fraud goes on, the less likelihood you have of recovering your funds, especially with debit cards since they carry less protection than credit cards.
4) Contact a credit-reporting bureau
Contact major credit-reporting agencies and ask each to place a fraud alert on your name. That way if someone tries to use your identity – for example by taking out a mortgage in your name – you’ll know. Equifax and TransUnion are the largest and most well-known credit-reporting bureaus in Canada.
5) Sign up for credit-monitoring
Canada’s credit bureaus, as well as many credit card issuers, offer credit monitoring services. These services provide you with a notification every time there is an update to your credit file, such as a credit card application. There is usually a small cost associated with these services.
One final consideration:
Most people only find out about a breach after they receive a fraud alert from their bank or notice a strange charge on their statement. Unfortunately, confidential information is often on the Dark Web, just waiting to be snatched up by a cybercriminal.
There are several scanning tools that constantly monitor the Dark Web for stolen credentials, and it will notify you right away if any of your information is found. That way you can change passwords, and check you accounts immediately to reduce the effect of any leak.
Consumer grade solutions may be acceptable for an individual, but if you run a business, we highly recommend using something enterprise-grade. In the wake of some major cyber breaches we’ve determined these tools are critical to holistically protecting your network.
We offer Dark Web monitoring to all our clients. The cost is very reasonable, and it could end up saving you a lot of money AND time. As they say, “an ounce of protection is worth a pound of cure”.