214-379-4200 - Business Only support@avaren.com

Imagine you just received a notice from a vendor that your personal data has been ‘breached’ or shared onto the “Dark Web”. 

 

In recent years, examples of high-profile data breaches include Experian, AT&T, Facebook Marketplace, T-Mobile, and countless others. Sometimes only a portion of a person’s personal data is released to the dark web (such as one’s Social Security number). Other times the breach could include every piece of information the vendor had on file, including your password.

Information leaks of this kind can open a person up to greater potential for Identify Theft. What are the steps a person can take should a “data breach” occur to them, and what other considerations should a person be aware of? We will dive into those questions below.

 

First Steps:

1. Find Out What Data Was Leaked:

 

  • Determine what information was exposed. Some credit card companies may notify you if your data was part of a breach.
  • If your firm is enrolled in AVAREN’s Breach Monitoring program, we may be able to provide you with this information.
  • You can also check whether your email address or phone number has been compromised using services like “Have I Been Pwned.”

2. Change Any Exposed Passwords:

  • Even if your password was not included in the breached data, it makes sense to change your password for the affected vendor

Also consider changing passwords at other vendors that are the same or similar. Once a password or permutations of it have been “leaked,” it should not be used again in the future. This is because hackers could be trying this password and those permutations at all your online vendors now, hoping they might get lucky into one of your other accounts.

 

3. Check your credit report regularly for anomalies.

  • Some credit card companies offer a degree of credit monitoring for free (ex. Capital One). Other services can be paid for if so desired (ex. Experian).
  • Put a lock on your credit account with the credit agencies. This can be done by signing up for a “locking” service at one (or more) of the credit bureaus. May slow you down however if you add credit accounts regularly.
  • Monitor Your Accounts and Check Credit Reports:
    • Regularly review your financial accounts for any suspicious activity.
    • Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to add a fraud alert.

4. Contact Your Bank and Credit Card Providers:

  • If needed, call your bank and credit card companies immediately.
  • Freeze and replace all your cards to prevent unauthorized transactions.
  • If you are especially concerned, it may make sense to investigate an ID Theft Protection service like the packages offered by Zander. This firm specializes in helping people secure and monitor their personal identity and credit. Zander is a cheaper alternative to market leader LifeLock. 

5. Switch From Text-Based MFA to an Authentication App:

  • If your name and phone number were part of the breach, attackers might try to log into your accounts.
  • Enable multifactor authentication (MFA), which requires a second factor (in addition to your password) to log in.
  • Use an authentication app (e.g., Google Authenticator or Authy) for better security.

 

On the Business Side: 

Because a breach of a business manager’s password or other information could affect the underlying business, it becomes imperative that passwords be both complex and unique for every separate system or vendor. This means that we can no longer use the same password on multiple systems’ websites. 

Business Owners, Accountants, Purchasing Agents, and similar roles can have online relationships with over one hundred separate online vendors. Even people without these titles can often collect dozens of user/password combinations over several years. 

Having to use a unique password at every vendor creates the necessity for us to modify our daily processes to include the use of a Password Manager. These are some of the benefits:

  • An organizational system to store personal information of all kinds including URLs, passwords, pin codes, software keys, important notes about one’s accounts, etc.
  • One password (that you remember) can now log you into a secure system to access all your other passwords.
  • Departmental groupings for keeping important vendor passwords coordinated across multiple people.
  • Puts managers back in the ‘driver’s seat’ with far more control than under current lack of system (ex. when a staffer leaves).
  • Ability to easily generate complex passwords of any length.
  • Mobile App
  • Browser plugins that can input your passwords for you while browsing on your PC
  • And more.

For a Business Owner (given the high stakes involved now with computer security), leaving people ‘to their own devices’ in this area and not providing them with a system is no longer an option. If we do not give our people a system for this purpose, then each person will invent ‘their own’ system. Under chaotic operating conditions such as these, we cannot hope to keep our computer systems secure.

 

To this end AVAREN’s support packages are more comprehensive than ever, and now include: 

 

Security Awareness Training – Helps identify gaps and strengthens our weakest links. 

Dark Web/Breach Monitoring. – Informs us of which customer accounts have been compromised or leaked onto the Dark Web. 

Password Manager 

Office 365 & SharePoint (SaaS) Security Monitoring 

 

…and much more to help prevent business disruptions before they occur.

 

While we cannot prevent personal information leaks from third party vendors onto the Dark Web, we can help strengthen security within the business enterprise. If your current IT Support package lacks the features and services described here, we can help improve the security posture of your business. If you own or operate a multi-person business, please give us a call today to discuss getting started. 214-379-4200

 

(ML/gd)

Skip to content