Take back control: A quick guide to data breach prevention

Data breaches happen more often than we would like, but many know them too well. In recent years, multiple data breaches involving several big-name companies have occurred. At their worst, data breaches negatively impact your life and may be challenging to bounce back from. Using an affordable Android phone with a password manager is a step in the right direction to safeguard your accounts. This guide covers things you can do to minimize the impact of a data breach and what to do after one occurs.

What data is typically taken during a data breach?

The data taken can vary depending on the size or scope of the data breach and the industry a company is in. For example, a banking institution data breach might give an outside attacker an open window into your finances and linked cards. If that attack is severe enough, it can reveal your Social Security number and other sensitive data. Any data an outside attacker can obtain during a data breach is valuable to them, even if it’s only a list of your email addresses.

However, they typically want personal information like your name, home address, credit cards, bank accounts, phone numbers, Social Security numbers, and account login credentials. They want anything and everything that identifies you as you. Even a minor email address data breach can likely lead to a spike in spam or scam emails. Some emails might sneak past your spam filter, putting them front and center in your inbox. Since it’s in your primary inbox, you are more likely to click these messages and not think twice about them.

Data breaches can happen to all companies, both big and small

Every online account, from big to small, has the potential to experience a data breach. Attaching more accounts to your name and primary email address increases the likelihood of your data being compromised. Even a random news website account you used a few times in the past and forgot about could cost you in the long run. It depends on the personal info you included on that site.

Suppose you’ve had the same email account for over a decade. In that case, you may have experienced multiple minor data breaches without knowing it. Many of those incidents can likely be traced back to random old accounts on websites you may have forgotten about. Any website offering an email account signup process can experience a data breach. Avoid signing up for random online accounts if you know you’ll never use them much.

What can you not control regarding data breaches?

You can do everything right and still lose your data because a company fell victim to an internal data breach. This happens frequently and includes banking institutions, credit card companies, wireless network carriers, retail stores, and hospitals with access to your private medical records. You expect these companies to handle your data with care. However, they are not immune to phishing scams, ransomware, and other tactics that can lead to data breaches.

It only takes one slip-up from a single company employee to put your data at risk from outside threats. Companies are implementing security measures and employee training to prevent that, but it’s not always enough. Data breaches can be an inside job where a disgruntled employee works with outside attackers. Many cases exist where someone remotely accesses company data, possibly from different countries, and gets into the company network. It typically starts with common phishing scams that fool employees into clicking malicious links or installing invasive software.

This can be an email, text message, or phone call designed to look and sound like an official company communication. Emails, for example, might come from a compromised company email account on their local servers. This makes it look more believable to other employees. To make things worse, scammers prefer to target higher-up company executives if they can. Known as spear phishing, these scams are more direct and dangerous than regular phishing scams. Spear phishing helps the attacker carry out their plan since a company executive has special privileges that regular employees don’t.

Whether it’s an entry-level employee or a higher-up company executive, your data can be at risk of a data breach at any given moment. There is nothing you can do to stop a company from losing or mishandling your personal information. It can be hard to recover after a data breach occurs, depending on the severity and how much of your info was taken. From there, your personal information will likely continue to be resold on the dark web for months and years, possibly worsening your situation before it gets better.

What should you do after you have been affected by a data breach?

Data breaches, especially involving big-name companies, make the news headlines quickly in most cases. Watch the news and look for official press releases from the companies impacted by data breaches. Staying informed helps you understand what happened, how bad a data breach was, and what information was lost during the attack. In severe cases, a data breach could lead to identity theft, funds being taken out of your bank account, and loans or credit cards being opened in your name.

Since there is so much going on at once after a data breach occurs, it can be challenging to figure out where to start. First, go through your password manager, find old accounts you haven’t used in a long time, and update them as necessary. Either delete old accounts or update the passwords and add 2FA to protect your data further. If an account supports passkeys, do that instead of relying on a password for increased security.

Many password managers allow you to scan your saved accounts and look for compromised passwords or other accounts. If the scan finds anything, change your passwords or add passkeys to affected accounts as needed. After securing your accounts, monitor your bank statements and credit card reports for a while as a safety precaution. The time range can vary, but keep on top of this for a few months, at minimum, after a data breach occurs.

Look for unknown or unauthorized transactions. If you find something unusual, report it to your bank or credit card company. Also, go to each major credit bureau (Equifax, Experian, and TransUnion) and freeze your credit reports. Freezing your credit ensures no one can open new credit in your name, saving you from further headaches. You could place a fraud alert on your credit reports. This alerts creditors to take extra steps to protect your data by requiring strict identity check requirements.

You only need to contact one of the three credit bureaus and ask them to place a fraud alert on your credit report. By law, they automatically contact the other two bureaus for you. The fraud alert stays in place for one year, but you can request a seven-year extension. This can be helpful when dealing with identity theft. You should also be prepared for a potential wave of new scam calls, messages, emails, and regular paper mail coming your way after a fresh data breach.

Stay alert and report anything suspicious. The company that lost your data might also offer premium credit report monitoring and identity theft protection to help you. Suppose a data breach leads to serious issues like stolen money or identity theft. Contact your local neveropen department or the Federal Trade Commission (FTC) to have your voice heard. It’s always a good idea to inform the proper authorities about the threat so they know about it. They can do their investigations and choose to take action after a data breach occurs.

Keep your personal info and accounts safe from data breaches

Your data can be taken from you in many ways, whether through a big-name company data breach or a malicious app installed on your phone. While it might seem overwhelming to keep your personal info safe, there are ways to minimize the chances of a data breach. Use this guide as an outline to reduce the impact of a data breach if one happens to you. From securing your accounts with 2FA or passkeys to online safety recommendations, you now have the tools to better your digital security footprint.