I’m a cybersecurity expert – my own family fell victim to a data breach, exact steps to take if your info is compromised


A CYBERSECURITY expert has revealed that even the most clued-up people can become data breach victims, and explained what to do if it happens to you.

Her comments come after millions of AT&T customers were involved in a significant data leak involving home addresses, phone numbers, social security numbers, and dates of birth.

Lisa Plaggemier, the executive director of the National Cybersecurity Alliance, spoke exclusively to The U.S. Sun about the dangers of data breaches and how to stay safe. Credit: sans.org

The expert detailed how bad actors on the dark web use leaked data to carry out scams and fraud. Credit: Getty

Lisa Plaggemier, executive director of the National Cybersecurity Alliance, spoke exclusively to The U.S. Sun about what happens to your data in a breach and why it is so dangerous.

She explained how much of the data that is compromised and stolen in a leak “gets used in social engineering campaigns by bad guys to trick people.”

Scammers may use this information to get individuals to click on links or hand over access to their accounts, because the scammers seem trustworthy given all the personal information they hold on their targets.

“If you presume at this point in today’s world that all of your information is public, it’s for sale on the dark web,” the cybersecurity expert warned.

In a cautionary tale, she explained how these tactics used by data thieves even saw her own mother become a victim.

“There was a laptop company that had a malicious employee in their support offices in India sell their customer list to a bad guy on the dark web,” Plaggemier explained.

“That list included names, phone numbers, addresses, model numbers, and serial numbers of the laptop that people owned.

“When my mother got a call from somebody purporting to be from support from that organization she presumed it was legitimate because they knew the model of her machine and the serial number of her laptop.”

As a result, her mother freely handed over her credit card information and gave them remote access to her laptop.

“Just because somebody seems to know an awful lot about you, you can’t presume that the person that you are talking to or emailing with really is the person that they say they are,” the expert added.

Plaggemier warned that with the emergence of artificial intelligence, the threat will be greater, and more people will fall foul of such scams.

It will become harder to detect scams thanks to how easy it is becoming to spoof videos, pictures, and phone calls with new tech.

With this in mind, people must know how to keep themselves safe from data breaches as best they can, especially because experts will find it harder to share tell-tale signs of suspicious behavior.

“There is so much supply and demand on the dark web,” Plaggemier warned, that as a result “the cost of purchasing data on the dark web [has] come down.”

While the responsibility of security lies heavily with the companies holding the data, everyone has to protect themselves as much as possible.

The National Cybersecurity Alliance director advises what to look out for, how to manage your passwords, and a vital system you need to have for protection across all personal accounts.

It is vital to keep an eye out for phishing texts, calls, or any other forms of communication that are “trying to trick you” by “leveraging this information that has been stolen in a breach,” she explained.

The other two tips given by Plaggemier relate to passwords, which many people are too lax about.

Firstly, she warns that too many people recycle passwords for different accounts, or change them simply by adding another digit while keeping the core part the same.

This is especially dangerous to people who have already lost their passwords in a data breach as bad actors already know the original version of the password.

“Bad guys know that we have a habit of recycling passwords,” Plaggemier warned.

“They have software that allows them to cycle through different iterations of the same password and bounce those up against all different kinds of accounts to see what they can get into.”  

However, knowing that remembering a unique password for every single account is nearly impossible, the National Cybersecurity Alliance recommends using a password manager.

THREE STEPS TO TAKE AFTER DATA BREACH

Cybersecurity expert Lisa Plaggemier has three top tips to keep your data protected before and after a breach:

  1. Keep an eye out for phishing texts, calls, or any other forms of communication that may be using information that has been leaked.
  2. Do not recycle passwords, especially after a leak has occurred and you are instructed to change your password on the affected account. Use a password manager if necessary to keep all passwords unique.
  3. Enable multi-factor authentication across all personal accounts. If any key services, like banks, do not have this option, consider ditching them.

A password manager will safely store your passwords, and it can also help identify suspicious websites, highlight re-used or similar passwords, and notify you if your password has been involved in a breach.
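What a "similar password" warning can look like in practice, as an added example that is not from the article or from any named product: a check that flags a replacement password which keeps the core of a leaked one. The function names, the substitution table and the 0.8 similarity threshold are assumptions, and the sample passwords are constructed.

```python
import re
from difflib import SequenceMatcher

# Common character swaps people use when "changing" a password (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def core(password: str) -> str:
    """Reduce a password to its memorable core.

    Strips leading/trailing digits and punctuation (the usual counter or
    year suffix), then lowercases and undoes common substitutions.
    """
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    return stripped.lower().translate(LEET)


def is_trivial_variant(old: str, new: str, threshold: float = 0.8) -> bool:
    """True if `new` keeps the core of `old`, so a leak of `old` exposes it."""
    a, b = core(old), core(new)
    if not a or not b:  # e.g. all-digit passwords: compare them as typed
        a, b = old.lower(), new.lower()
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold


def audit(leaked: str, candidates: list[str]) -> dict[str, bool]:
    """Map each candidate replacement to whether it should be rejected."""
    return {c: is_trivial_variant(leaked, c) for c in candidates}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    leaked = "Summer2023!"
    replacements = ["Summer2024!", "5umm3r2023", "summer#1",
                    "correct-horse-battery"]
    for pw, reject in audit(leaked, replacements).items():
        verdict = "REJECT (variant of leaked password)" if reject else "ok"
        print(f"{pw!r:28} {verdict}")
```

The comparison needs both passwords in plaintext, so it belongs on the user's own device or in a change-password form where the old password has just been typed, not in a server-side store of old passwords.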

The third tip from Plaggemier is that everyone should have multi-factor authentication on all their accounts.

This is where you can approve log-ins to accounts by entering a code that is sent to another trusted account or device or by using an authentication app on your phone.

“If you are really bad at reusing the same or a similar password this means that if somebody already has your password they can’t get into your account because they don’t have that second factor of authorization,” the cybersecurity expert explained.

With this tip, she issued a warning that it is not only relevant to banking and financial apps.

“You should be using it on every account that offers it,” she said.

“If they haven’t mandated the use of it then you should turn it on.”

Meanwhile, if a financial app does not offer or mandate multi-factor authentication, she recommends ditching it altogether in the interest of safety.

“They really should all be mandating it at this point,” she said.

“If not, I would get a different bank because it means that they are not doing the basics to prevent fraudulent activity on your account.”


