In the old days, Monica was sloppy with her passwords. She usually just used the password “monica75”.
But she is much better about security now. She even set up a password manager: after patiently writing down a checklist of her online accounts, she diligently made sure each one had a unique password created by the password manager, and that Two-Factor Authentication was set up.
Unfortunately, Monica completely forgot all about her old Venmo account. The mistake was understandable; she had set it up three years earlier, for the sole purpose of sending her friend Valerie money, and had never used it since. It completely slipped her mind.
But when she saw the large charge on her bank statement, and saw that someone had hacked her Venmo account, she realized that she had made a major oversight.
Importance of Monitoring in Security Plans
What Monica failed to do was to use the best tools available to monitor her online accounts and look for security vulnerabilities. If she had, she might have remembered that she needed to secure her Venmo account with the password manager, along with all her other accounts.
You can think about digital security as having four steps: Analyze, Protect, Monitor, and Respond. For most people, the Protect step is obvious, since it involves actively taking steps to secure your life. But it’s just as important to Analyze your situation and select the best security solutions, to Monitor your accounts by actively looking for security breaches, and to be ready to Respond in case a security breach does occur.
When it comes to Monitoring personal digital security, there are several areas you should keep an eye on. You should know as soon as possible if any of the following events occur:
- An email address you use has been compromised in an online breach
- Your Personal Identifying Information is posted on the internet, or
- Someone uses your Personal Identifying Information to commit fraud
Tools for Monitoring Email Breaches
You can use online Data Breach search tools like haveibeenpwned.com or DeHashed to check if your email address was exposed in a data breach. Note that once you have found a provider you like, it’s worth signing up for notifications. That way, you can find out immediately when one of your accounts has been breached, and respond accordingly. In fact, if you aren’t using these tools, we recommend you try one as you finish reading the article. What you discover might surprise you!
The term “pwned” is gamer slang; probably based on a mistyping of “owned,” it refers to someone who has been utterly defeated by an opponent. The site haveibeenpwned.com (“Have I been pwned”) provides free tools that allow you to search for your email and find out if any of your online account data has been exposed. In addition to a one-time search, the site offers a breach notification service and links to the 1Password site, which is one of our recommended Password Manager solutions.
For security-minded power users, DeHashed offers a comprehensive set of data breach search tools which can query emails, names, phone numbers, usernames, addresses, and more. The DeHashed website provides a free search engine that gives users access to one of the largest and fastest breach databases out there; it should be relatively easy to use for anyone who is familiar with regular expression searches.
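Breach search results are most useful when you compare them against the account list in your password manager, which is how a forgotten account like Monica's would surface. The following Python example is added here and is not from the original article or from either service; the breach records (field names modeled on the Have I Been Pwned breach format), the vault export columns, and the service names are all constructed assumptions.

```python
import csv
import io
import json
from datetime import date
from urllib.parse import urlsplit

# Constructed breach results for one email address. Field names are modeled on
# the Have I Been Pwned breach format; the services and dates are made up.
BREACHES_JSON = """[
  {"Name": "OldPay", "Domain": "oldpay.example", "BreachDate": "2021-03-14",
   "DataClasses": ["Email addresses", "Passwords"]},
  {"Name": "ShopMart", "Domain": "shopmart.example", "BreachDate": "2019-07-02",
   "DataClasses": ["Email addresses", "Passwords"]},
  {"Name": "NewsLetterCo", "Domain": "newsletterco.example",
   "BreachDate": "2020-01-20", "DataClasses": ["Email addresses"]}
]"""

# Constructed password manager export; the column names are hypothetical.
VAULT_CSV = """title,url,password_changed
ShopMart,https://www.shopmart.example/login,2018-05-01
Bank,https://bank.example/,2022-02-10
NewsLetterCo,https://newsletterco.example/,2021-06-01
"""

def load_vault(csv_text):
    """Map each vault entry's hostname to the date its password last changed."""
    vault = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = (urlsplit(row["url"]).hostname or "").lower()
        vault[host] = date.fromisoformat(row["password_changed"])
    return vault

def triage(breaches_json, vault_csv):
    """Return {breach name: action} for every breach tied to the address."""
    vault = load_vault(vault_csv)
    actions = {}
    for breach in json.loads(breaches_json):
        domain = breach["Domain"].lower()
        breached_on = date.fromisoformat(breach["BreachDate"])
        # Match the breached domain itself or any subdomain (www., login., ...).
        changed = [d for h, d in vault.items()
                   if h == domain or h.endswith("." + domain)]
        if not changed:
            actions[breach["Name"]] = "untracked: add to password manager and reset"
        elif "Passwords" in breach["DataClasses"] and max(changed) <= breached_on:
            actions[breach["Name"]] = "rotate: password predates the breach"
        else:
            actions[breach["Name"]] = "ok"
    return actions
```

Calling `triage(BREACHES_JSON, VAULT_CSV)` flags the constructed OldPay account as untracked, which is the situation Monica's Venmo account was in.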
Responding to an Online Data Breach
If you know that one of your online accounts has been compromised, you need to respond appropriately. First of all, if for some reason you are not using a Password Manager, you should sign up for one immediately, so that you can manage your passwords going forward, and respond to any breaches in a timely fashion. Once your Password Manager is set up, log in to the relevant accounts, and use the Password Manager to securely generate and store a new password. Then, make sure that you have Multi-Factor Authentication set up for all your accounts. Finally, consider signing up for continuous monitoring so you can stay on top of ongoing data breaches.
Responding to account breaches and cybercrime as an organization is critical, complicated, and typically requires the assistance of trained professionals. If you find one of your organization’s accounts has been hacked and are worried about the impact, contact us to schedule a cybersecurity assessment.