Everything you need to know about a data breach
Every now and then you hear a familiar headline: A company suffered a data breach and now millions of customers’ details are exposed.
We give companies a lot of information about ourselves – addresses, financial details – and place a lot of trust in them to keep it safe. It’s always unfortunate when a business that’s come to be a part of your daily life suffers a cybersecurity incident, but it’s an unavoidable reality in this day and age.
There’s still a lot of confusion that surrounds data breaches – namely, what they are and how they affect people. Once you have a good understanding of that, you can look to implement some best practices to keep your personal data a little bit safer.
What is a data breach?
A data breach takes place when a cybercriminal or unauthorised user breaks into a company’s internal network and gains access to the areas where customers’ information is stored. While they may or may not take that information, simply having access to it is reason enough to believe that all the information has been compromised.
Information that’s commonly targeted during a data breach includes:
- Email addresses
- Physical addresses
- Full names
- Credit cards and debit cards
- Government-issued information (like the National Insurance Number in the UK)
- Answers to recovery questions
- Purchasing habits
All of this information can either be used by the cybercriminals in future attacks or sold on the Dark Web. Email addresses and passwords, for instance, can be used as fodder for credential stuffing attacks. It’s a type of cybercrime where someone uses software to run through thousands of email and password combinations in minutes, hoping to gain access to someone’s account.
New regulations like the General Data Protection Regulation (GDPR) are being put in place to hold companies more accountable for how they handle customers’ personal data. While brands with household names put millions into their cybersecurity, start-ups and smaller businesses often lack the funding to do so and can be prime targets for cybercriminals.
How can a data breach affect you?
Victims of data breaches are almost always removed from the cybercrime, so it can feel like nothing really happened in the first place. But data breaches are a big deal because of how they can affect those who had their information exposed.
In the scenario of a data breach, not only did the company that suffers one break consumers’ trust, but they’ve also failed to keep their pledge to protect the information that they collect. Cybercriminals now may have enough personal details to take out loans in other peoples’ names, make large purchases and generally impersonate victims who did nothing wrong.
Many people tend to use the same password across all of their accounts, despite the fact that it’s not a very good idea. If a cybercriminal were to learn that password in a data breach, they could then have access to all of the victim’s accounts that use it. Considering that many companies don’t immediately announce a data breach – though, this is changing with GDPR – a cybercriminal could gain access to multiple accounts before a victim even realises it.
The good news is that when a data breach is announced, companies often offer a remediation package for those who were involved.
How to protect your data online
Cybercrime has evolved and data breaches are a great example as to how. While you can’t stop a company from suffering a data breach, you can improve the way you protect your data so that you can limit your exposure. Adopting best practices and using solutions like Norton 360 helps protect against cyberthreats.
When it comes to protecting your information, here are a few tips that’ll help:
- Be careful who you give your information to. While you can’t get away from giving your details to your phone company or favourite retailer, really think about whether you want that new e-commerce website or news outlet you’ll never visit again to have your email address and financial details. Larger companies have better cybersecurity, while many smaller companies simply don’t have the resources to protect your data.
- Create different passwords for all of your accounts. It might be easier to use the same password for all of your accounts, but if one of those companies is breached then all of your accounts are compromised. Use a password manager like the one included in Norton 360 to keep track of all your account details and make it more difficult for cybercriminals to access them.
- Install antivirus software. Companies aren’t the only ones who can leak personal information to cybercriminals. If your computer gets a virus or malware, you could be responsible for giving up your personal and financial information. Use antivirus software to help protect against cyberthreats.
- Use a VPN online. If you’re giving personal information to companies when you’re online banking or shopping on a public Wi-Fi connection, you could be handing it over to cybercriminals at the same time. They can compromise public Wi-Fi to steal information that’s transmitted over it. Use a VPN to encrypt your data and traffic.
While data breaches are a company’s responsibility to prevent, users can also take steps to protect their data. Using a single solution like Norton 360 can go a long way in helping to protect against cyberthreats.
Copyright © 2020 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.