First I must confess that I am a huge Capital One fan. As far as I am concerned, they do it right. Good alerting system, great customer service, heck, great products.
So I was a bit dismayed to hear they were the latest victim of a data breach. But as the details were released, it seems the attack was an insider job, and as I have written recently, insider attacks are tough to prevent. Nevertheless, the investigate led to Amazon Web Services employee Paige Thompson as the alleged culprit, and the stolen data was recovered before it was sold or posted online.
As the situation is playing out, we are learning that Capital One had all the appropriate security controls in place, and this allowed them to know the theft had occurred before any real damage was done by the attacker. This is a textbook case for how to do this right.
Nonetheless, these types of attacks are becoming more commonplace. So regardless of where you do your banking, there are some safeguards you can take.
- Check your accounts regularly – Daily online reviews of your accounts are smart.
- Sign up for security alerts – Sign up for any access or payment alert features your bank offers. I like getting payment and access alerts on my smartphone via SMS or email.
- Get credit monitoring – Credit monitoring services can alert you to unauthroized attempts to sign up for credit cards or loans.
- Check your credit reports – Check with each of the credit bureaus at least anually, and even better, quarterly, for unexpected credit activity.
- Get a security freeze – A security freeze prevents anyone, even you, from signing up for a new loan or credit card without first explicitly permitting the application.
- Look out for phish – In the coming weeks or months you can expect to get a lot of phony emails from “Capital One.” These scammers will try to get your online account credentials, so be careful. Only go to the Capital One website directly, not by clicking on a link.
- Educate employees – If this is a business banking account, warn your employees to be on the lookout for fraudulent attempts and requests for online credentials.
Data breaches are almost impossible to prevent, but this one was detected early and the apparent perpetrator arrested before the information was released. All in all, a good job by law enforcement and the Capital One cybersecurity group. For more information , Capital One has provided a link.
More information:
Share
AUG
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com