“Dear Customer, we regret to inform you that your personal information was one of the many records compromised in a recent data breach by our Company.”
These are words that no consumer wants to hear. Knowing that your personal information is now being circulated amongst unscrupulous cybercriminals or used to extort your frequently visited businesses can be a disconcerting affair. And what if you're a business owner and it's your third-party vendors or partners that has been breached? Trust and patience wear thin when we hear this happen.
Here are some practical things that you can do to protect yourself and your business if you receive notice that your information has been leaked:
Whether you're a consumer or a business owner, take a moment to breathe.
In recent years, data breaches have become a somewhat common occurrence. According to the Identity Theft Resource Center, there was a 77% increase in data compromises in 2023 (3,205) compared to 2022 (1,801). Over 5.3 billion data records are known to have been breached in a total of 652 publicly disclosed cyber security incidents in April 2024, a staggering increase of over 122,000% on April 2023, and over 1,600% higher than in March 2024, according to figures revealed by risk and privacy management specialist IT Governance. Major corporations, banks, and even government agencies have fallen victim to data breaches. While this doesn't make it any less unsettling, understanding that you're not the only one facing such a predicament can help alleviate some stress.
When you are informed that your data was involved in a compromise, remember it's not necessarily about your actions; it's about the larger, systemic issue of cybersecurity. The best thing to do is to keep calm and remember that you have rights as a consumer and as a business owner.
Once you receive that dreaded notification, don't ignore it.
Dive into the specifics provided by the affected company. Be aware of the type of information that has been compromised, whether it's personal details, login credentials, or more sensitive data like financial information. This understanding is key for both consumers and business owners to take targeted actions and minimize potential risks.
Staying informed about the breach specifics empowers you to take targeted actions to protect yourself and your business. Companies are legally obliged to disclose such information, so make sure to read the details carefully.
One of the immediate steps both consumers and business owners should take is to change passwords.
According to Statista, in 2023, the most common password worldwide was 123456, used more than 4.5 million times. Second came admin, reaching more than four million uses. Additionally, 12345678 and 123456789 were both used more than one million times in 2023. The ideal password has 16 to 20 characters with a combination of different letters, numbers, and symbols. (Security.org) However, according to a report published by The Georgia Institute of Technology, 30% of websites don’t support special characters, and 17% don’t have length requirements.
Cybercriminals will try to exploit this statistic to gain unauthorized access not only for the breached account but also for any other accounts where a similar password is used.
Additionally, enable two-factor authentication wherever possible. This adds an extra layer of security, requiring not just a password but also a second form of verification, usually sent to your phone. It's a simple yet effective way to fortify your and your business’s digital defenses.
In the aftermath of a data breach, consumers and business owners alike should monitor their financial accounts. They should regularly review bank statements, credit card transactions, and other financial accounts for signs of suspicious activity and report any anomaly, no matter how small.
If you spot anything unusual, contact your bank or financial institution right away. Most institutions have robust fraud protection measures in place and can guide you through the necessary steps to secure your accounts.
If you have reason to suspect that you are involved in fraud or identity theft, report it to the Federal Trade Commission: https://www.identitytheft.gov/
Consumers and business owners have legal rights and protections in the event of a data breach. Depending on your location, there may be specific regulations dictating how businesses must handle such incidents. In the United States, for instance, the Federal Trade Commission (FTC) provides guidelines for consumers. Businesses may need to adhere to industry-specific regulations and provide services like credit monitoring or sending notifications to affected individuals. Many companies opt to leverage cyber risk insurance to offset some of the costs associated with potential breaches.
Reach out to the relevant consumer protection agencies or regulatory bodies in your country to understand your rights and responsibilities. They can provide valuable guidance on the steps you should take and may even offer resources to help you navigate the situation.
Data Breach Response: A Guide for Business | Federal Trade Commission (ftc.gov)
Whether you're a consumer or a business owner, a breach of sensitive information can be a troubling experience. However, remember that you are not powerless. Stay informed, take proactive steps to secure your accounts, and leverage your rights as a consumer or business entity.
Contact us for a free consultation to learn more about what you or your businesses can do to protect against, prepare for, and respond to data breaches.