It can happen to you: Part 2

It happens. Accounts get compromised, your privacy is breached, and you end up feeling vulnerable as a result.

Even technology professionals are subject to attempts to compromise our personal and financial information. The Web is a large place, filled with individuals versed in social engineering waiting for the right moment to get a hold of your information. Despite following best practices, it can still happen.

Many of us have been there before, and there are ways to reduce the risk of it happening again. My financial information was recently compromised, and this is my story.

So, how do you respond to a situation like this?

Don’t Panic

Stay calm and think of ways the compromise could have occurred.

Don’t panic.

Douglas Adams
Author, The Hitchhiker’s Guide to the Galaxy

Have you received any strange phone calls or emails lately? Did you log in to a service you regularly use, but noticed something different about the process?

Locate the main number of the service that was compromised and contact their support department immediately. Do not refer to past emails or other electronic forms to find this information as a recent message may have been the source of the attack. Instead, retrieve the appropriate information from the company’s website.

Set up Activity Alerts

My day was just coming to a close when I received an activity alert from my bank. It was a text message notifying me that several hundred dollars of sports equipment had been charged to my credit card. I was on the phone with their customer service department within minutes.

Activity alerts are critical to overall security, and I suggest that you activate them wherever possible. If I was not alerted to the fraudulent activity, there is a good chance that it would have continued without my knowledge, leading to a much worse situation.

The bank agreed that the charge was suspicious, refunded the amount, and cancelled the card to prevent further purchases. A new card was issued within a couple of days – and many banks can provide you with a new temporary card in person these days.

Implement 2-Factor Authentication

Two days after receiving the alert from my bank, I received a suspicious activity notification related to my iTunes account. Thankfully I have 2-factor authentication enabled on my Apple account, allowing me to prevent the sign in and change my password. Apple has streamlined this process and was even able to tell me the rough location of the login attempt.

While 2-factor authentication may seem like a nuisance on the surface, it’s a vital component to keeping accounts secure. At Valiant, we use 2FA with every possible service and encourage our clients to do the same – it’s even a part of our security awareness training program.

Choose Strong Passwords

Using strong passwords is incredibly important. Not only should passwords be strong, they should also not be re-used across multiple services to minimize risk should one be compromised. They should also be recorded in a password manager, and not on sticky notes, to ensure that they remain hidden from others.

Many companies enforce best practices for passwords, requiring a combination of letters, numbers, and characters, along with routine changes to prevent passwords from becoming stale. These practices are put in place for good reason, to reduce risk, and can easily be used for personal accounts.

Remain Vigilant

It’s easy to be reactive in a situation like this by following the advice above, and it’s equally important to practice good account security at all times. Download Valiant’s Password Best Practices Checklist as a first step to maintaining your privacy online. Taking a proactive approach to your security now will prevent a lot of headaches in the future.