Prevent, Detect, Mitigate, and Recover from Cyberhacking
Mass hacks like Equifax show that even if you do what is in your power to stop attacks, it may not prevent the businesses you work with from getting exposed.
Rather than scrambling when the news breaks to determine whether you were hit by a data breach, assume you have been — and understand there is no silver bullet to fix it. Then, follow these tips for yourself and your organization.
Use devices wisely
- Don’t click unknown links — Be very wary of website links that arrive in emails. Hackers use bogus links to send victims to rogue sites that deliver malicious software (malware) that can steal your passwords and other personal financial information. If the email appears believable, navigate to the site directly in your browser, when possible, instead of clicking the link.
- Get a PIN for your smartphone — Some thieves will call your phone company and say they want to add a new line. If you’ve set up a PIN with your provider, the criminal will have to supply it to verify the account. Without the PIN, there is no way to verify your account.
- Employ two-factor authentication when possible — And make sure you’re using smart passwords, too (e.g., make them complex, do not repeat them, and do not use the same one across multiple sites).
- Back up your data — Use cloud software with regular backup cycles, when possible.
Watch your financials
- File your taxes early, if possible — Fraudsters can use your personal information to file your taxes before you can. You may also consider getting an IRS identity PIN.
- Diligently monitor your bank accounts — Set a recurring calendar reminder, or a process for your organization, to check your accounts weekly (at a minimum).
- Enable money alerts on credit cards and bank accounts — When you define your transaction limit, you'll receive an email or text if you go over the limit. For accounts you rarely use, you could set alerts to $1 so you get notified if any transaction happens. For regular accounts, set the dollar amount at a figure that would seem out of place for that card, whether that’s $50 or $5,000.
- Set up a credit monitoring service — Set up alerts for new activity (like new accounts) to be delivered by text message. FreeCreditReport.com (which is actually not free) and Credit Karma are two of many options.
- Consider an identity protection service — If you cannot perform the above items with diligence, use an identity protection service such as LifeLock or Identity Guard.
Get off the lists
- Opt out of junk mail via optoutprescreen.com.
- Halt telemarketing via donotcall.gov.
- Avoid sweepstakes surveys, credit offers, and giveaways.
Protect your credit
- Disable automated money movement — Avoid enabling online banking features that easily move money out of accounts, such as wire transfers or ACH (automated clearing house), unless you have a pressing need to do so.
- Credit over debit — Avoid using debit cards for purchases, especially online. Credit card losses are typically much easier to recover than losses from stolen debit cards.
- Keep credit card receipts — Then balance and reconcile your card accounts the same way you balance your checking account.
- Shrink your number of online credit cards — Consider using only one of your cards for online purchases, which makes it easier to keep an eye on activity. A third-party payment vendor (e.g., PayPal or Amazon) can be an alternative to credit cards.
- Freeze your credit — Freezing your credit with all four credit bureaus will prevent criminals from opening up new accounts under your name. Of course, if you want to borrow money you’ll need to unfreeze your credit.
Defend your organization
- Close the door behind you — Sometimes crime walks right in your door, like when an employee politely holds the door open for someone who’s tailgating them. (Watch an undercover video of this.)
- Fortify your network — Protecting your organization’s entry points is a measure of your network’s defense. Test your network regularly to identify security vulnerabilities.
- Train your people — An organization’s best defense is its employees. Staff training can help your business adjust to evolving social engineering techniques.
- Back up your data — To get back online, you need your data backed up, ideally every 24 hours.
- Put a plan in place — Have a documented plan in place with a flow chart of decisions so that everyone knows how to properly respond and help reduce your exposure.
Know how to react if you are breached
- Report suspicious card activity ASAP — Be prepared to place a credit freeze on your accounts by contacting the four credit reporting agencies (Experian, Equifax, TransUnion, and Innovis). This is the best way to prevent fraudulent use of your identity, although the freeze has consequences (you will be unable to get loans) and does not prevent tax fraud.
- Contact the police — Some credit bureaus will require you to file a police report to begin the recovery process.
How we can help
We can help you assess your vulnerabilities through penetration testing, train your employees to recognize fraud, respond to an incident if one occurs, and recover from a cyberdisaster so you can get your business back online.