So, this is rather embarrassing to admit, but I am one of those people that knows exactly what to do when your personal information is stolen. It’s not embarrassing that I know what to do. It’s embarrassing why I know what to do. The first time I had to cancel my credit cards wasn’t my fault. We were having a house party in college and someone stole my wallet out of my purse in my room. You can imagine my panic the next morning when I couldn’t find it. MADNESS!!! MAYHEM!!! (I obviously had taken zero information security training at this point).
The solution in this situation is pretty straightforward. You call and cancel your credit cards, right? Easy peasy. Over the next ten years (or so) I got really good at calling and canceling my credit cards, mostly because I would walk off and forget my wallet (who does that?!).
This year I decided to take the vendetta against my personal identity even further. Apple phishing scam from Iceland that wants ALL of my personal information? Name, phone, billing address, Apple password, social security number? Heck yes! Sign me up for that fun… ness (read: sarcasm). In reality, I had a moment of poor judgment, fell for the scam, clicked submit and did an immediate “FACE PALM” or as Bruce from Family Guy would say…
I couldn’t just call and cancel my credit cards or place a temporary freeze on my credit; no, this time they had EVERYTHING. So, I did what any person in that situation should do: I took defensive action!
1. Changed all of my online passwords
2. Canceled my credit cards
3. Contacted the FTC to report my identity theft (they then supply you with an Identity Theft Affidavit)
4. Filed a police report to document that my identity had been stolen (you must contact the FTC first, as you are required to provide your Identity Theft Affidavit)
5. Called Equifax, TransUnion and Experian and froze my credit (FOR-EV-ER)
When the incident initially happened I was frustrated with myself for letting it happen, but now as I look back I’m slightly relieved. Look at what has happened in the last 12 months: there was the Target data breach, the Neiman Marcus data breach, the Heartbleed virus and now the Russian hackers. Our information is out there! There are 7 billion people in the world and, according to the International Telecommunication Union, approximately 3 billion are using the internet. The Russian hackers stole 1.2 billion user names and passwords, but fortunately all of my credit is on lockdown.
Here’s a look at the breach by the numbers:
Do you feel safe? Because with around 3 billion people using the internet, the chance that your information was stolen is only 47% – according to the infographic. That’s less than half, so… glass half full!
Hopefully you realize I’m being facetious. Approaching the Russian hack with anything other than increased information security training would be a gross mistake on our part. Whether you think your company’s security system is Fort Knox or more of a University of Phoenix, now is the time to conduct a security audit. You can start by making sure you have these 5 information security training essentials. Also, don’t forget the simple stuff. The infographic above highlights how easy or hard it is to hack a password based on its construction. Go back into your security policies and security awareness training to ensure your password policy is Russian proof. This means you want your employees to have passwords that are 11 characters long and mix lowercase and uppercase letters, numbers and symbols.
You should also join us on Thursday, August 14th for our webinar, “Cybersecurity 2014: The Impact On Global Companies.” If you read this post after the 14th, you can access the slides and recording on-demand and watch at your leisure. The webinar features Lisa Sotto, Chair of Hunton & Williams’ Global Privacy and Cybersecurity practice, and will delve into a best-practices framework for investigating and reporting data breaches, the current state of data privacy legislation and what to do in the event of a data breach.
If you choose not to join us next week or can’t make it, I hope you’ll continue to analyze and assess your current security controls and leave with this thought for the Russian hackers and all other cybercriminals: