You received (another) letter from (another) company that holds your data saying that they had a cyber breach. Oh, and your personal data was maybe compr
Another company was hacked, and your data was probably stolen (again).
I like being able to easily find what I need, so I am a big fan of being organized. I have color-coded file folders for things we receive in paper form and need to keep (yes, really!). This includes things like bills paid, paperwork for the kids’ schools, medical forms we receive from the doctors, car maintenance, bank statements, and so on.
I’ve had these same folders for many years, but there’s a new file folder that I recently had to set up: Stolen Data/Cyber Breaches.
Yes, I now have a folder for all those letters that the spousal unit and I have received over the last few years about cyber breaches. The last one we got was in May, from TaskRabbit, Inc., one of the resources that Frank used to launch his home energy audit and weatherization business last year.
Also in that folder: Home Depot, JP Morgan Chase (twice), US Department of Veterans Affairs, IRS, Verizon, Citigroup, CVS, Gap, Hyatt Hotels, US Army, Department of Defense, and UMass Salem State, to name a few.
That doesn’t include the ones that sent email notices, like Yahoo!, Gmail, eBay, Dropbox, Facebook, LinkedIn, LivingSocial, and Zappos. Or the ones that didn’t even bother sending anything, like Equifax.
Our data is being compromised so often that it almost feels normal, like data breaches are the price we pay in order to live in our world today. Most of us probably don’t even bother reading the letter past skimming the first few sentences. We just roll our eyes, sigh, and file or throw away the notice.
That’s probably not the best response.
Let me make this crystal clear: Cyber criminals steal this kind of data because they want your information, whether it’s your name and address, last four digits of your social security number, IDs and passwords, security questions, etc.
Yes, even little, ole, insignificant you.
The more information they have, the better they are able to develop a profile on you. And the more detailed your profile, the more your information is worth on the black market. I guarantee you that there’s some enterprising shady character who is aggregating information that’s been stolen and creating composite profiles to be sold.
Composite profiles are valuable because we make it so easy for anyone else to use our information. Most of us use the same information (passwords, user IDs, email addresses)—or some variation thereof—again and again. As a result, most of us wouldn’t pass a basic pentest (a penetration test of your cybersecurity). This is true for both business and personal cybersecurity.
I know, I know. You are absolutely sick and tired of hearing about cybersecurity. You don’t think that your information is worth anything to anyone. You don’t have the time, energy or money to take on this huge task. And even if you did, you don’t even know where to start.
Despite your frustration or annoyance, ignoring this is NOT an option. And I have a few ideas that shouldn’t take much time or effort when you get one of those letters.
Longer term, you really need to take a more comprehensive approach to cybersecurity. If you don’t believe me, consider the fact that 70% of cyberattacks target small businesses. Also, how many phishing emails have you received recently? Chances are, several.
To stay protected, you will need to beef up your cybersecurity. You have a few ways you can go about this. You can:
The first is free but can be time consuming; the second is inexpensive and will take less time; the third could get expensive, but you at least don’t have to think about it; and the fourth is simply playing with fire—which will eventually cost you way more time, money and energy, sooner rather than later. More than half of small businesses that experience a breach close their doors within six months.
Whatever you decide to do, start somewhere. Even just making sure your operating system is up-to-date adds a layer of protection.
Meanwhile, I’ve set aside that letter from TaskRabbit so we can check to make sure that the spousal unit's (free) ID Theft service is up and running. Then I’m going to file that letter.