Some great advice from our friends at SynchroNet in West Seneca. Please take a few minutes to read this very important message!
While Wikipedia isn’t always the bastion of accurate, unbiased information, it is useful for aggregating news and trivia in one place. We just looked up a “List of Data Breaches” and were astounded by the results … in 2019 alone, so just in the last six months, 140 million records breached (Canva), 541 million records breached (Facebook), 885 million records breached (First American Corporation), 11.9 million records breached (Quest Diagnostics) … and that’s just the tip of the iceberg.
This same source says that as of 2019, “2.7 BILLION identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.”
With such staggering numbers, it’s fair to say that everyone’s affected. And since most breaches occur in North America, it’s even fairer to say that we’re personally affected, whether we know it or not. Not sure if it’s that bad? Let’s talk about the Equifax breach of the social security numbers of 143 million Americans in 2017 – which effectively revealed data on every credit-holding American. Trusted names have been compromised: Target, Home Depot, JPMorgan Chase, Marriott International, Orbitz, Reddit, British Airways, Anthem.
“I just don’t care anymore,” you say. “I’ve got other things to worry about.” We hear you. Reading about breaches affecting billions of pieces of information may as well be like talking about the distance between stars. It just doesn’t matter in day to day life. Or does it?
This phenomenon is called Breach Fatigue: there’s just too much bad news, and we can’t stick our heads in the sand and wait it out. Instead, the sun rises each day, our obligations are still there, and we just move on.
If your employees and coworkers begin to feel like data breach is inevitable and they are powerless to stop it, your company’s risk level will climb to red. The truth is, we CAN and MUST take steps to protect our data.
Steps to Implement Today at the Office
Here are steps you can implement today (yes, TODAY) to overcome breach fatigue and protect your data:
• Have a corporate meeting to address breach fatigue. Reinforce how much you appreciate employees’ help in guarding your corporate information. Ask important questions and really listen to the answers:
– Are employees frustrated with security reminders?
– Do they complain about how often they have to change their passwords?
– Do they have easy-to-use tools to report phishing emails so that managing threats isn’t a burden, but a game?
– Do they see areas of weakness that need to be corrected? Remember, these areas of weakness may include ideas about your network AND your physical premises. If possible, reward great ideas with public praise (and gift cards!).
• Review your security policies (or write them if you don’t have them!).
– Are all of your policies up to date?
– Do employees know what they can or shouldn’t do within your environment?
• Are you using geofencing to prevent intrusions from foreign countries? (But, did you first check to make sure that no vendor servers live in, say, Canada?)
Now Protect Your Personal Information
• Check your credit card statement every month to make sure that no small, random-sounding charges slip through. If this is a struggle, save your receipts for a month and actually check them off when you get your statement to truly verify your charges. Analyze all outlying charges. Is everything correct?
• Change ALL default passwords – from baby monitors to home security systems to doorbell cameras to routers, NOTHING that connects to the internet should be left with factory settings.
• IMPLEMENT A PASSWORD MANAGER. You should not reuse passwords. Yes, this is hyper obnoxious, but identity theft is way worse. A reputable password manager can make logging into your tools a breeze … and you only have to remember the master password! Look for a tool that is compatible with mobile and desktop devices and that can work with Windows, Android, and iOS depending on your gear.
• Check Troy Hunt’s Have I Been Pwned? website to see if the email addresses you use the most appear in one of 322 (and counting) data dumps from websites. This can help you see if your credentials have been leaked. If they have, change your passwords (and put the new passwords into your password manager!), and implement two-step verification where possible.
• If you’re not actively applying for credit, freeze it! Freezing and unfreezing your credit at the three major bureaus is now free – and can prevent the bad guys from doing bad things in your name. With credit freezing, you can skip the Dark Web scan to see what of your data is available for sale and just prevent the next step, identity theft and fraud.
Data breaches are only overwhelming/out of control/inevitable/*insert-nihilistic-phrase-here* when we stop trying.
So don’t stop trying. Get a good night’s sleep, have a cup of coffee, and say “No Way” to breach fatigue. If you have any questions about this information, call us at SynchroNet.