Headlines about data breaches seem to hit us nonstop. The March 2019 hack of Capital One’s databases exposed the personal information of over 100 million people. Capital One says its stolen data probably wasn’t used by the hacker or disseminated to anyone else, but even if that’s true, data breaches are all too common. Equifax has reached a settlement with the Federal Trade Commission (FTC) that includes a fund to compensate people affected by its own data breach, which happened two years earlier. Marriott, Target, Yahoo, and eBay have all been hit hard in the past 10 years — to name only a few hacked companies.
Each time a fresh wave of headlines breaks, you may wonder: “What if my information was compromised? How would I find out? What am I supposed to do now?”
You have options. But your biggest asset may be a shift in perspective.
A Better Way to Look at Data Breaches
Data breaches are serious, and they can pose a genuine risk. “What if my information was compromised?” is a reasonable thing to ponder.
But these days, asking that question is a bit like asking, “What if my house gets dirty?” One way or another, dust and dirt will probably find their way into the nooks and crannies of your house — and your personal or company data will probably be compromised sooner or later. So rather than losing sleep about whether you’ve got cobwebs in your closets, consider a more pragmatic approach. It might be time to clean house.
After every big breach, the FTC gives consumers the same advice: Consider freezing your credit, set up fraud alerts, keep an eye on your credit, and change your passwords. For small businesses, things work a bit differently, but the idea is the same — just assume that your personal data is out there already, and focus on guarding your credit.
Breaking It Down
Let’s look at each piece of the FTC’s advice in turn:
- Consider freezing your personal credit. A freeze can be a powerful tool, clamping down tightly on who can pull your credit report — in effect, preventing anyone else from applying for credit in your name. Best of all, credit freezes are now free everywhere in the U.S., and they don’t affect your credit score, so the only downside is the inconvenience of separately contacting each of the Big Three credit reporting companies (Experian, Equifax, and TransUnion) to freeze or unfreeze.
- Set up fraud alerts. Unfortunately, businesses can’t freeze their credit in the same way that consumers can. But you can place fraud alerts on both business and personal accounts. A fraud alert is less restrictive than a total freeze, but it’s still an effective tool. You only need to notify one of the Big Three to alert you whenever someone pulls your credit report, and the other two will create an alert as well.
- Keep an eye on your credit. Capital One is offering free credit monitoring to anyone affected by its breach (the company will be contacting affected customers individually). But even if your data wasn’t stolen in the Capital One hack, you can sign up for any of various free or low-cost credit monitoring services. (Each of the Big Three offers this service, as well as a number of third parties.) Credit monitoring generally lets you keep an eye on your credit score and alerts you of any big changes or suspicious activity. And, of course, there’s always the do-it-yourself option: You can request a free credit report at least once a year, and many options exist to check more often than that.
- Change your passwords. A stolen password isn’t much good to a thief if it doesn’t work anymore. And if you’re tired of juggling all your passwords manually, consider a password management tool for extra peace of mind.
One last thing to consider: It isn’t just the big-name companies like Capital One and Equifax that are targeted by hackers. Any business can be breached — even yours. There’s no such thing as perfect security, but any precautions are better than none. If you’re not sure where to start, the FTC has some pointers for that, too.
Whether you know that your information has been compromised or you just want to protect yourself in the event that it is, talk to CRI’s IT audit and assurance professionals to learn more.