Look, Your Data Is Going To Be Stolen

In 2016 we saw a 40% increase in data breaches, and things are not looking much better for 2017, with at LEAST one major breach every month so far. Some of these breaches are due to clever or hard-working hackers, some are due to poor vulnerability management or negligence, but most are a bit of column "A" and a bit of column "B." While the breaches vary individually, collectively they all tell us the same thing: eventually, your data will be breached. It's time to treat a breach as an eventuality instead of a possibility.


Think of it as insurance: sure, you want health insurance for when you're alive, but you still need life insurance in case something tragic happens. Chances are, that tragedy has already happened; you can check for yourself here whether you've been a victim of a data breach. So, how should you protect yourself against data breaches?

Here are a few simple ways to protect yourself:

Use a Password Manager (Correctly)

One of the biggest mistakes you can make is using the same password for multiple accounts. Sure, it's easy to remember just one password, but it also means that a single breached site hands attackers the key to every other account you own. One way to mitigate this is by using a password manager. Password managers like LastPass or Dashlane will generate a long, random, unique password for every site and keep them safe if used properly.

It's worth noting, however, that a password manager only works if it's used properly. If the password you use to log in to your manager is easily guessed, or is the same as one of your other passwords, then all you've accomplished is handing even more of your information to attackers in one place. It's a bit like writing your PIN on all of your credit cards and then getting mugged. To keep your secrets secret, use a long, unique master password for your manager and pair it with my second tip, Multifactor Authentication (MFA).

Use MultiFactor Authentication (MFA)

Authentication factors fall into three main domains: something you know (passwords), something you are (biometrics), and something you have (phones or tokens). As the name suggests, MFA requires at least two of these factors before allowing account access. Most commonly, you will enter your password and then be brought to a screen asking for a second form of authentication. Usually this second form is a one-time PIN sent to your phone via text message, or generated by an authenticator app on your phone. An authenticator app is the better choice where a site offers it: the code never leaves your device, whereas a text message can be redirected by an attacker who takes over your phone number.

Put Your Credit in the Deep Freeze

Password managers and Multifactor Authentication do a great job of securing your accounts, but true information security still requires a bit of diligence on your part. If a site you use has been breached (LinkedIn, Yahoo!, Equifax), change your password there as soon as possible, and anywhere else you reused it. Another important protective measure is to freeze your credit with all three major agencies. A credit freeze stops anybody, including yourself, from opening new credit against your report, preventing would-be attackers from opening accounts in your name. Freezes can be lifted when you decide to get a new credit card, buy a home (or avocado toast for the millennials out there), or make other major purchases, and then reapplied once your purchase is complete. Unless you're actively making a purchase, always keep your credit frozen, because unlike passwords, your birthday and Social Security Number (SSN) never change.

Update, Update, Update

Keeping your systems up to date against threats is also incredibly important. Updates to your operating system and security definitions will help keep your data (and your clients' data) protected against various attacks. Microsoft recently released an update to protect against ransomware attacks like WannaCry and NotPetya; both spread through a vulnerability for which a patch already existed, so the machines that were hit were largely the ones that hadn't applied it. I prefer to schedule my update checks automatically to ensure that they're being applied consistently.

Finally, backing up your data on a regular basis can reduce headaches tremendously. Most ransomware attacks encrypt your data and demand a ransom in exchange for a decryption key that may or may not work. With a dependable backup, you can just restore the data yourself instead of paying a hefty ransom with no guarantees. Backups are high-priority targets for attackers though, so keep them disconnected from your network except while a backup is actually running, and test a restore from time to time so you know the backup is actually usable.

Unfortunately, data theft and breaches are here to stay. Yahoo! alone has had over 3 billion accounts compromised, and approximately half of all Americans have been affected by the Equifax breach, regardless of whether or not they have ever been an Equifax customer. While it may not be possible to stop all attacks, there are steps you can take to protect yourself and minimize the damage. By using a password manager, MFA, and proactive measures, you can give yourself a bit of certainty in an uncertain world.

Pete Stegemeyer


Pete Stegemeyer is a security researcher and 2017 BlackHat USA Scholarship winner. He currently lives and works in New York City.
