By Wayne White, CEO, and Art Burt, COO
In the wake of the largest security breach ever, we want to talk about what it means for individuals. This security breach is called the MOAB, the mother of all breaches, and involves the largest trove of stolen data, passwords, etc. that has ever been gathered or ever been released. We are talking about approximately 26 billion data records. That's twelve terabytes of passwords, accounts, and more across a large section of the Internet. The following post discusses what this means and what everyone affected needs to be doing about it. Even if you are not affected, here are some urgent lessons and important advice we all need to follow.
The biggest issue is that this data has hit the distribution network. Every hacking group now has access to this massive amount of stolen data, and they're not going to let that opportunity go by.
How To Protect Yourself in the Wake of This Breach
Here are the top four things we advise everyone to do to protect their personal data, especially with the increase in cyberattacks and leaked personal data.
1. Change your passwords immediately.
If you have an account that is potentially exposed, change your password to a strong, unique, and complex one. Don't use something like ‘my dog's name is skip’, which somebody can work out by going through your social media. Use something unique. Most software and applications include tools that will generate a password for you, and that is probably the safest way. But then you need a password keeper to keep track of those passwords, because by design they are much harder for you to remember.
2. Avoid using the same password across multiple accounts.
Go one step further, and don't use the same login ID. Make it as complicated as possible for bad actors to get in. Once they find out your credentials, they carry out what are called credential stuffing attacks. Using the same login ID across accounts gives them better success when they're doing that credential stuffing. A corollary guideline is not to reuse passwords from your personal life in your business accounts. Keeping them separate is a best practice for personal security. Also, never use a work email as the login account for a personal site or account, because businesses are attacked far more often. For example, if your business email is associated with your bank account, it's going to be easier for them to get into that account once they find out where you're banking.
3. Enable multi-factor authentication.
Activate multi-factor authentication wherever it's available to add an extra layer of security beyond passwords. When you're offered the choice, opt for authenticator apps over SMS. This will give you stronger protection because SMS is more easily hacked into. It will also ensure that when you're using the app, it is talking to the phone or device that you're using for your MFA. To be clear, multi-factor authentication with SMS is better than no multi-factor authentication. But using the authenticator app is better than using SMS.
4. Be even more cautious of phishing scams.
Expect an increase in phishing attempts exploiting the data in this MOAB leak. Don't click on suspicious links in your emails and never share personal information unless you can verify the sender's legitimacy.
Other Advice for Protecting Yourself and Your Loved Ones
Monitor Your Credit
If you don't have a credit watching system, consider a company like Experian, which includes the ability to shut down new credit applications. Bad actors are going to do all kinds of bad things with this data: straight-up theft, stealing, identity theft, and identity fraud. Expect these things to come out of this almost immediately. If they can get into any one part of your data, they can get into all of it.
Change your passwords regularly
Prioritize what is most important and do your bank first. But change them all, which is never a bad thing to do regardless.
Stay vigilant and prepared
Understand that regular hacks and ongoing vulnerability are just our life now and how things are going to be. We're going to have security risks, at least until we get better regulations from our governments, an increase in our overall operational security, and a universal, secure ID. Until those things change, we've just got to protect ourselves.
Include family members in your vigilance
While protecting yourself, don't forget your children, your parents, and your grandparents. They have social media accounts that are linked to yours. If you forget to have your child change the password on their social media, that account is still linked to you, and your data can be seen through it, including things you might use for a password verification process, like your past name. Many attacks are focused on the elderly and those who are vulnerable for dozens of reasons. If you've got a good relationship with your parents and grandparents, talk to them about changing their passwords.
About Altiam Digital
Altiam Digital is a technology consulting and services partner to IT and business executives across all industry verticals. We provide the creative spark and knowledge to help businesses achieve audacious goals. Our clients trust us to help them advance technology enablement, secure their assets against cyberattacks, automate costly processes, and optimize returns on technology investments. Our flagship operations center is in San Pedro Sula, Honduras, at Altia Smart City, a sustainable business and lifestyle campus.
About Wayne White, CEO
Wayne brings 30 years of experience in the development of technology solutions, cybersecurity, and products. His previous roles span CIO, CTO, President and Board Member in various sectors including BPO, federal government, manufacturing, and technology. Wayne's demonstrated commitment to delivering creative solutions has earned him industry accolades including an Orbie CIO of the Year award. He has been called upon to provide expert testimony on telco regulatory and legal affairs and serve as a guest lecturer in international business and leadership forums. Wayne is a Six Sigma Black Belt, Certified Chief Information Security Officer, Project Management Professional (PMP), and Cisco Call Center Architect Expert (CCCAE).
About Art Burt, COO
Art Burt is a Certified Chief Information Security Officer and has more than 30 years of experience in solutions architecture, IT, Operations, and Security. Art is an expert in regulatory compliance, including PCI-DSS, HITRUST, HIPAA, GLBA, SOX, GDP, and more. Art's background in military intelligence, law enforcement, and IT led to his current role as a noted security consultant and public speaker on security issues.