A CYBERSECURITY expert has revealed that even the most informed people can become victims of a data breach and what to do if it happens to you.
His comments came after millions of AT&T customers were involved in a significant data breach involving home addresses, phone numbers, Social Security numbers and dates of birth.
two
Lisa Plaggemier, executive director of the National Cybersecurity Alliance, spoke exclusively to The US Sun about what happens to your data in the event of a breach and why it’s so dangerous.
She explained how much of the data compromised and stolen in a breach “is used in social engineering campaigns by bad guys to scam people.”
They can use this information to get individuals to click on links or give up access to their accounts because they appear trustworthy due to all the personal information they have on them.
“If you assume, at this point in today’s world, that all your information is public, it is for sale on the dark web,” warned the cybersecurity expert.
read more about cybersecurity
In a cautionary tale, she explained how these tactics used by data thieves resulted in her own mother becoming a victim.
“There was a laptop company that had a malicious employee in their support offices in India selling their customer list to a bad guy on the dark web,” Plaggemier explained.
“This list included names, phone numbers, addresses, model numbers and serial numbers of the laptop that people owned.
“When my mother received a call from someone claiming to support that organization, she assumed it was legitimate because she knew the model of her machine and the serial number of her laptop.”
As a result, her mother freely handed over her credit card information and gave them remote access to her laptop.
“Just because someone seems to know a lot about you, you can’t assume that the person you’re talking to or emailing is really the person they say they are,” the expert added.
Plaggemier warned that with the emergence of artificial intelligence, the threat will be greater and more people will fall for scams of this type.
It will be more difficult to detect scams thanks to how easy it is to fake videos, photos and phone calls with new technologies.
With this in mind, people should know how to best protect themselves from data breaches, especially since experts will have a harder time sharing telltale signs of suspicious behavior.
“There is so much supply and demand on the dark web,” warned Plaggemier, that as a result “the cost of acquiring data on the dark web [has] to descend.”
While the responsibility for security falls heavily on the companies that hold the data, everyone needs to protect themselves as much as possible.
If you assume at this point in today’s world that all of your information is public, it is for sale on the dark web.
Lisa Plaggemier
The director of the National Cybersecurity Alliance advises what to look for, how to manage your passwords, and a vital system you need to have for protection across all personal accounts.
It’s vital to be on the lookout for phishing texts, calls, or any other forms of communication that are “trying to trick you” by “leveraging this information that was stolen in a breach,” she explained.
The other two tips given by Plaggemier are related to passwords that many people are careless about.
Firstly, she warns that many people recycle passwords for different accounts or change them to simply add another digit, but keep the central part the same.
This is especially dangerous for people who have already lost their passwords in a data breach, as bad actors already know the original version of the password.
“The bad guys know that we have a habit of recycling passwords,” warned Plaggemier.
“They have software that allows them to go through different iterations of the same password and compare them to all different types of accounts to see what they can get into.”
However, knowing that it is nearly impossible to remember a unique password for each account, the National Cybersecurity Alliance recommends using a password manager.
THREE STEPS TO TAKE AFTER DATA BREACH
Cybersecurity expert Lisa Plaggemeier has three top tips for keeping your data safe before and after a breach:
- Keep an eye out for phishing texts, phone calls, or any other form of communication that could use leaked information.
- Do not recycle passwords, especially after a breach occurs and you are instructed to change the password for the affected account. Use a password manager if necessary to keep all passwords unique.
- Enable multi-factor authentication on all personal accounts and any important services like banks that don’t have this option, consider ditching them.
This will store your passwords securely and can also help identify suspicious sites, highlight reused or similar passwords, and notify you if your password has been involved in a breach.
Plaggemier’s third tip is that everyone should have multi-factor authentication on all of their accounts.
This is where you can approve account logins by entering a code that is sent to another trusted account or device, or by using an authentication app on your phone.
“If you’re really bad at reusing the same password or a similar password, that means if someone already has your password, they can’t access your account because they don’t have that second authorization factor,” the cybersecurity expert explained.
With this tip, she warned that it is not only relevant for banking and financial applications.
“You should use it on every account that offers it,” she said.
“If they didn’t require the use of it, you should activate it.”
Meanwhile, if a financial app doesn’t offer or require the multi-factor authentication process, she recommends abandoning it altogether in the interest of security.
“They really should be mandating this at this point,” she said.
“If not, I would look for a different bank because that means they are not doing the basics to prevent fraudulent activity on your account.”
This story originally appeared on The-sun.com read the full story
