Wednesday, 15 August 2018

What to do after a data breach: 5 steps to minimize risk

It happened again. Another major web service lost control of its database, and now you’re scrambling to stay ahead of the bad guys. As much as we hate them, data breaches are here to stay. The good news is they don’t have to elicit full-blown panic no matter how sensitive the pilfered data might be. There are usually some very simple steps you can take to minimize your exposure to the potential threat.

Here’s how.

Step 1: Determine the damage


The first thing to figure out is what the hackers took. If they got your username and password, for example, there’s little point in alerting your credit card company.

News articles and company statements should make it very clear what leaked. Was it just your email address, or was it your password data too? What about credit cards (if applicable) or personal data like private messages?

This is the first step in creating an effective recovery plan, but before you take any action there’s a critical follow-up question to ask.

Step 2: Can the bad guys use your data?

Hackers take data all the time, but many times the stolen data is unusable thanks to security practices that include terms like “hashed,” “salted,” and “encrypted.” If the data is in the form of “cleartext,” that means no cryptography has been used, and it’s just as easy to read and manipulate as a Word document or a regular email message.

Hashed data, on the other hand, is data that has been scrambled in such a way that you cannot decode it back to plain text. Hashing is often used for password databases, for example.

Not all hashing methods are equal, however, and sometimes they are reversible. As a second line of defense, a company may add what’s called a salt—random data—to make decoding harder. The bottom line with hashing is that you’ll need to probe a bit further to see whether the company believes the data is usable or not.
