Context:
In today's digital landscape, the threat of data breaches looms large, endangering sensitive and confidential information. This guide aims to empower individuals affected by data breaches with the knowledge and actions necessary to mitigate the fallout. To be clear, a data breach occurs when unauthorized access leads to the exposure, theft, or illicit use of sensitive information. Globally, the average cost of a data breach in 2023 was roughly USD 4.45 million, a 15% increase over three years (Cost of a Data Breach 2023 | IBM, n.d.).
Process and Resources:
If you believe that you are a victim of a data breach, do the following:
- Identify the Breach: If you suspect your data has been compromised, look for signs of suspicious activity such as unauthorized transactions, unusual login attempts, or notifications from your service providers about potential breaches.
- Check for Breach Notifications: Typically, after an incident, the news is made public by the impacted company, a third-party news site, or the attackers.
- Unusual Banking Activity: Check bank and credit card statements regularly, review your credit report for new accounts, and report any unusual activity.
- Physical Theft or Loss: A lost or stolen laptop or mobile device offers an easy inroad to a data breach.
- Suspicious Messages Claiming to be from Official Organizations: Scammers can use personal details to create customized phishing messages, so exercise caution when handling emails and text messages. Verify the legitimacy of the company the sender or caller claims to represent, and avoid sharing personal information that could be leveraged for deception.
- Illicit Marketplaces Online: If you find your information on any illicit website:
  - Refrain from interacting with the website or making any further contributions to it.
  - Document any relevant information.
  - Report the incident to the appropriate authorities.
  - Secure your personal information by changing passwords, enabling multi-factor authentication (MFA), and monitoring financial accounts for any suspicious activity.
- Report the Breach to SLU-ITS: Notify Saint Louis University Information Technology Services of the breach. We recommend reporting to SLUAware. For your convenience, the SLUAware button is available in Outlook for Windows/Android and macOS/iOS users.
  - In case of phishing emails, use the Report to SLUAware button in Outlook.
  - If you accidentally engage with a phishing email, reset your SLU ID password promptly.
  - For any emergency issues, call 314-977-4000 or email ask@slu.edu.
- Secure and Monitor Your Accounts: Swiftly change passwords for all your online accounts and any other sensitive platforms. Enable two-factor authentication and regularly monitor your financial and sensitive accounts.
- Freeze Your Credit: Act immediately after a data breach by adding security alerts and placing a security freeze to prevent unauthorized access.
- Stay Informed and Be Vigilant: Stay abreast of official communications from the affected organization and regulatory agencies involved.
- Beware of Phishing: Exercise caution against phishing attempts seeking personal information and report any suspicious communications.
- Learn from the Incident: Utilize the experience to bolster online security practices and enhance personal information protection.
The best approach to preventing and responding to data breaches involves understanding the underlying causes and methods of the breach. Although specific recommended actions are mentioned in this article (How To Protect Your Identity), SLU students, staff, and faculty are advised to adopt the further measures outlined below to improve their ability to prevent and respond to potential data breaches.
To Counteract Social Engineering:
- Recognize that social engineering, such as phishing, smishing, and vishing, poses a genuine threat, with cybercriminals actively attempting to compromise your personal information.
- Exercise caution when encountering suspicious emails, text messages, or social media communications.
- Validate the source and verify information requests or offers/discounts by visiting reputable websites or contacting trusted phone numbers.
- Safeguard your personal information online by questioning whether sharing it is necessary.
To Safeguard Your Password:
Your password functions as a lock for your account and data. Create a password using the following three elements:
- Length - Longer passwords are more challenging to crack.
- Complexity - Blend character types such as uppercase letters, lowercase letters, and symbols to enhance robustness.
- Uniqueness - Avoid common choices, and never reuse passwords to prevent widespread exposure in case of a breach.
To Enhance Device Security:
- Utilize strong authentication methods such as fingerprints or facial recognition on devices.
- Activate full-disk encryption, such as FileVault for Mac or device encryption for Windows, to secure data in the event your device is lost or stolen.