Data breaches have become a little like the weather—something we complain about in line for our morning coffee, but ultimately so beyond our control that we simply accept nothing can be done.
Unfortunately, there’s only one sure way to protect yourself completely from data breaches: don’t live in the 21st century. For those of us choosing the present with smartphones, social media, online bank accounts, and browser histories that know way too much about us, at this point it’s less a matter of preventing breaches than of containing the fallout after one happens.
Big data breaches happen where the data is: databases held by either companies or the government. Since we don’t own or have control over either of these sources, there’s very little we can do to make sure the necessary steps are being taken to safeguard our data. And although safeguards seemingly become stronger with each passing year, the market and social consequences for a breach are still pretty low.
“It’s not a question of if it’s going to happen, but when,” says cybersecurity expert Brett Johnson. “Your number has just not been drawn yet.”
If you’ve been the victim of a breach, there are several steps to take that experts say can at least get you back on track to having a safe life — both online and off.
Delete Your (Old) Accounts
You can’t prevent breaches, but there are a few things you can do to protect yourself from greater harm in the long run.
You’ll want to limit your points of exposure by restricting new online accounts and deleting ones you no longer use. Maybe you were an active eBay merchant a decade ago, but no longer have the time or energy to pursue this side hustle after having started a family. If so, delete your eBay account and the PayPal account attached to it if you don’t use that either. Both services have already experienced breaches, by the way.
“Think about it as basic cyber hygiene,” says Scott Shackelford, cybersecurity expert and Executive Director of the Ostrom Workshop at the University of Indiana Bloomington.
Though many companies try to increase customer engagement by letting you create an account on their website, consider checking out as a guest when making purchases instead. If there’s no personal advantage beyond eliminating a step or two in the checkout process, why store your credit card number, address, and other info on yet another site that could eventually be breached?
The problem isn’t necessarily with information contained in the account itself, but in the fact that people are prone to consistently repeating usernames and passwords in online accounts. So, if the username Fergiefangirl19 and password Will.I.Am.Not appear in a Myspace breach, there’s a good chance that person has used the same login credentials for other online accounts, sometimes switching the username for the password and vice versa. Thus, the breach of your defunct Myspace account can lead to criminals gaining access to your online bank accounts, social media profiles, health records, etc.
Sign Up for Credit Monitoring
If data breaches are inevitable, and if your data is out there already, what can you do to mitigate the damage? As with a flat tire, to fix the problem you need to find out where the leak is. A site like haveibeenpwned.com will let you know if your information has made it out into the world. Knowing which breach — or breaches — your data exists in can potentially tell you what kind of data has been exposed, and is helpful in determining your next course of action.
For victims of breaches involving banks, credit cards, or other financial data, signing up for a credit monitoring service like Privacy Guard or LifeLock should be a high priority too. Often breached companies — Experian and Yahoo, for instance — will offer monitoring to their customers for free, and you should take them up on the offer. These services will alert you when there’s been a hard pull inquiry or new line of credit opened in your name, and some will even monitor the dark web for your personal information.
Don’t make the mistake of thinking that breaches outside of the financial sector aren’t potentially damaging. Take every attack on your data seriously, no matter how seemingly mundane the nature of the exposed data.
Change Your Passwords
Next — and we’re sure you’ve heard this advice dozens of times before — you gotta up your password game. Stop using the same password for every one of your accounts. This alone can save you all kinds of headaches when hackers get ahold of one login.
Breach or no breach, you should be changing your passwords on something like a regular basis anyway, but let’s not fool ourselves: humans are generally more reactive than proactive.
One way to keep yourself honest is to use a password manager, like Dashlane, LastPass, or Keeper. Not only will these store hard-to-remember passwords for the 90 online accounts the average internet user has, but they will also create randomized passwords that are harder to crack than the easy-to-remember phrases you’re probably using.
Many password managers offer these basic services for free, with an option to pay for more powerful protection options, syncing across devices and platforms, and other digital security add-ons.
Notify Your Bank Accounts
Finally, contact your bank(s) and credit card issuer(s) to notify them that you’ve been the victim of a breach, and that they should monitor your accounts for suspicious activity. Do this even after you’ve signed up with a credit monitoring service. Credit monitors can tell you where your information is being used, but what they won’t do is prevent the theft of your ID or the opening of fraudulent new accounts in your name. For that, you’ll need to contact the credit bureaus (like Equifax) to have them freeze your credit and contest the fake accounts. In fact, Shackelford suggests preemptively freezing your credit.
“You don’t need your credit open 99% of the time, so it should be frozen 99% of the time,” he says.