In the first 3 months of 2019, there have been no less than 30 major data breaches affecting consumers like you. Companies such as OXO, Houzz, Fortnite, Blackrock, and Ascension are just a few of the large companies who were hacked and exposed the Personally Identifiable Information (PII) of people in their databases. The two largest breaches in history occurred this year. And there's a good chance that your information was in there:
February 2019 - 763 million unique email addresses were exposed, and many records included names, phone numbers, IP addresses, birth dates, and genders.
January 2019 - 2.7 billion records including 773 million unique email addresses and passwords.
We take the security of client personal and financial data very seriously. With online hacking targeting individuals and small businesses on the rise, there are important steps that you can take to safeguard your data and recover if you’ve been a victim of a data breach:
1. Investigate
Check if you've been part of a data breach
First, you need to check to see if you have been part of any of the known breaches to date. Go to Have I Been Pwned, enter your email address and it will notify you right away if your email address has been compromised. If it has, change your email password immediately.
2. Prevent
Get notifications of future data breaches that you’re part of
Go to Have I Been Pwned, click "Notify me" at the top, and enter your email address. Do this for each email address that you have. You'll be notified if a data breach is discovered with your email address in it. If this ever happens, change your email password immediately.
Protect your company from data breaches
You'll also want to know if someone else at your company has their email address at your business involved in a data breach. If you have a custom domain such as yourcloudbookkeeper.com, this applies to you. Go to Have I Been Pwned, click "Domain search" at the top, and follow the instructions to be notified of any data breach involving your domain. Once again, if this happens, change the password of the impacted email(s) immediately.
Get notified of a data breach while on a website
If you use Google Chrome, you can add a free Chrome Extension that will check your username and password when you access a website and will alert you if that combination has been part of a known data breach. Information on that extension can be found here.
Password storage
If you keep your passwords stored in your web browser, we recommend against it. Also, if you repeat passwords across websites we highly recommend against that as well. If you can remember your password, it's likely easy to hack. To help here, we recommend a password manager program like LastPass. Best of all, while there's a cost for some of their business plans, it's free for individuals.
Use multi-factor authentication where available
To ensure that your password isn’t the only key to unlock access to your email or other online accounts, take advantage of multi-factor authentication whenever you can. The most commonly used are confirming your identity with a code sent to you via text or phone call in addition to entering your password.
3. Recover
If you or your business has been a victim of a data breach, all isn’t lost. There are steps that you can take to get back on track, find out if any damage has been done, and safeguard your data moving forward.
Monitor accounts
Monitor all financial accounts for missing funds or unknown transactions. If you work with a bookkeeper, notify them right away so that they can help you review your account activity as well. Also, review social media and email accounts to ensure that your personal information isn’t compromised there.
Run your credit report
Ensure that your information is accurate and that no accounts have been fraudulently opened in your name. In the United States, you can get one free copy of your credit report each year.
File your taxes sooner rather than later
By filing your tax return early, you reduce the risk of someone else filing in your name and collecting a refund before you do.
Place an extended fraud alert on your credit
If you’re a victim of identity theft, you can set it up so that a business must verify your identity with you before it issues new credit. This can be put in place for 7 years. Learn more about the process.
Contact Social Security
In 2017, Equifax had a data breach where 143 million people had information stolen, including social security numbers. To see if you were impacted, click here, scroll down, click on “Am I Impacted” and follow the instructions. If you were impacted, contact the Social Security Administration to get a copy of your wage earning report and ensure that your social security number isn’t being used fraudulently.
If you would like help with any of the suggestions above, to do a security audit to ensure your business is set up to protect against hacking and data breaches, or to be set up for secure cloud computing, contact us.
To learn more about how we handle bookkeeping in a secure environment, read our blog post on working in the cloud.
You said you would find a good bookkeeper when pigs fly. Well, today is your lucky day!