Your data has been leaked – now what?

The good folks over at authentic8.com created a solid blog post on what to do after your data has been leaked.  The post is a bit old, but the content is still relevant.  Go read the full post here.

I pulled out some of the stuff that resonated with me.

Do this TODAY!

Acknowledge that you are a victim. Say it to yourself: “My data has been stolen and will probably be sold to the highest bidder.” That realization should permeate your behavior. Where you used to click links, enter passwords in fields, or throw official-looking mail in the trash, now you can’t.

Notify others that you’ve had your data stolen. Start with financial and other service providers, and make sure you put a fraud alert on your credit report. Then let the police know. Having this paper trail will show that you’ve done your part. Tax fraud is a huge and growing issue, so let the IRS know through Form 14039, an affidavit of identity theft.

Do this over the next MONTH!
Create an inventory of your current accounts. Save your bank statements, credit card details, insurance disclosures, and as much of your medical record data you can. If you’re able, make printouts from the websites of the providers. This will give you a starting snapshot, which might be useful with any future claims. 

Take advantage of the free credit service or other alerting services that the provider will offer. Take a look at the agreement to see if there is any insurance coverage as part of the offering.

Google Alerts can be useful, too. Create an alert with your name and name variants, your address, car license plate(s), phone number, whatever. Certain transactions that become a matter of public record will be identified, and you’ll get a notification. That way, if someone steals your house and changes the title, you’ll know.

Complete these steps within 90 DAYS

Move the goalpost. I mean, change everything that you can. Banks will give you new credit and ATM cards. Insurance providers can issue new cards with new numbers. Tell them that your wallet was stolen, since it is simpler for them to understand. Change security questions on websites. If you can prove that you’re “continually disadvantaged,” the Social Security Administration can change your social security number. It’s a PITA, but the form is here.

And do these things FOREVER

Secure yourself online. This is the perfect opportunity to hit the “Big 3” security steps online: passwords, 2-factor authentication, and isolation.

Change all of your account passwords, especially email. Use a password manager to make them unique and complex.
Turn on 2-factor authentication to everything you can. This system is so elegant, yet overlooked. A provider will send a text to your phone to verify every login attempt.

Isolate your online environment. Use a dedicated browser for only those sensitive accounts. Browse Facebook, Twitter, or dating sites on another browser.

Every few months, make sure to review account records for fraudulent activity. The initial inventory of account records and the move to secure yourself online with a password manager and secure browser should make this much easier. But get in the habit of looking at your statements. You’d be surprised how clever some criminals are, making small charges to your card that might get overlooked, like $6.17 for Acme Digital Services.

Once again, great stuff over at authentic8.com.  I highly suggest their blog.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge Enterprise Cyber Defense gives him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.
Posted in