I was reading an article on Sophos about the Anthem Healthcare breach, and putting this information together with some other articles I have read recently, and this question came to mind: what personal information is the worst to lose? In the Anthem breach, people lost information that included their “names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses and employment information.” With this kind of information, it would be a pretty simple thing to open credit card accounts or take out loans in the the name of these individuals.
Unfortunately, there is not a lot we can do to prevent these sorts of losses to our personal information. We are depending on the companies that hold this information to be responsible stewards, to use best practices including technologies such as encryption. If you were part of this or any other data breach, all of these companies are providing free credit monitoring services. If this applies to you, you should enroll.
So what could be worse? Certainly, if a cyber-criminal acquired the user name and password for your bank account or brokerage account, you might find yourself surprisingly penniless. That would definitely hurt.
How about your email account? Sounds trivial, but this may actually be worse, because someone with access to your email account can read your email, and learn about the companies that you do business with; where you bank, where you shop, everything. By going to websites where you do business, they can request a password reset which will be sent to the email account that they already have access to. Then they can reset you password to something like your Amazon account and go on a shopping spree. Access to other accounts would follow, including banks and other financial accounts. They might also send an email to your contacts with some sort of plea from “you” for money (“Help me I’ve been mugged in Paris…”) Losing control of your email account makes you incredibly vulnerable to other attacks.
Your network credentials where you work certainly would be valuable to a cyber-criminal. These are usually acquired through some sort of scam in the form of an email or phone call that appears to be coming from your own IT department or perhaps from a vendor or customer. Something like this would have been how the people running the Target breach initially gained access through the network credentials of an HVAC supplier. If you were pinpointed as the source of a breach such as this, how would this impact your job and income? Maybe your employer would be understanding about it, hey it could happen to anyone, right? Or maybe they would not.
My point is this: we all need to become more vigilant and savvy when it comes to our online lives, and keep our login credentials under our control. Create a long and complex password. Use two factor authentication whenever it is available. Learn how to recognize phishing emails, and never click on a link in an email, or open an email attachment without checking them out with something like VirusTotal. These are methods you can use to stay save online. I recommend that you begin using them regularly.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com