Cybersecurity experts have revealed how even the most knowledgeable people can become victims of a data breach and what to do if such a thing happens.
Her comments came after millions of AT&T customers were caught in a major data breach that included home addresses, phone numbers, Social Security numbers, and dates of birth.
Lisa Plaggemier, executive director of the National Cybersecurity Alliance, spoke exclusively to The US Sun about what a breach can do to your data and why it's so dangerous.
She explained that much of the data compromised and stolen in the breach “is being used in social engineering campaigns by bad actors to deceive people.”
They may use this information to trick individuals into clicking links or handing over access to their accounts. This is because they are considered trustworthy because they contain all your personal information.
“At this point in today's world, if you assume all your information is public, it's for sale on the dark web,” the cybersecurity expert warned.
Read more about cybersecurity
In a cautionary tale, she explained how data thieves used these tactics and even her own mother became a victim.
“There was a laptop company that had a malicious employee in its support office in India sell its customer list to bad actors on the dark web,” Plagemier explained.
“That list included the names, phone numbers, addresses, model numbers, and serial numbers of the laptops people owned.
“When my mother received a call from someone claiming to support the organization, they knew the model of her machine and the serial number of her laptop, so I assumed it was legitimate.”
As a result, her mother freely handed over her credit card details and allowed remote access to her laptop.
“Just because someone seems to know so much about you, you can't assume that the person you're talking to or emailing is really that person,” says an expert. added.
Plagemir warned that with the advent of artificial intelligence, the threat will become even greater and more people will fall for such scams.
New technology makes it much easier to spoof videos, photos, and calls, making it even more difficult to detect fraud.
With this in mind, people need to know as much as possible how to protect themselves from data breaches, especially since it becomes difficult for experts to share obvious signs of suspicious activity.
“There is so much supply and demand on the dark web,” Plagemier warned, resulting in “higher costs of purchasing data on the dark web.” [has] come down. “
While the responsibility for security falls largely on the companies that own the data, everyone needs to protect themselves as best they can.
At this point in today's world, assuming all your information is publicly available, it's up for sale on the dark web.
Lisa Plagemia
The director of the National Cybersecurity Alliance advises you on what to watch out for, how to manage your passwords, and the critical systems you need to protect all your personal accounts.
She explained that it's important to be on the lookout for phishing texts, phone calls, or other forms of communication that “take advantage of this information stolen in a breach” and “try to trick you.”
Plaggemier's other two tips relate to passwords, which many people find too lenient.
First, she warns that too many people reuse passwords for different accounts, or simply change a password by adding a number but keeping the core of the password the same.
This is especially dangerous for people who have already lost their passwords in a data breach, as the bad guys already know the original version of the password.
“The bad guys know that we have a habit of reusing passwords,” Plagemier warned.
“They have software that allows them to use the same passwords over and over again and bounce them to all different types of accounts to see what they can get into.”
However, remembering unique passwords for every account is nearly impossible, so the National Cybersecurity Alliance recommends using a password manager.
3 steps to take after a data breach
Cybersecurity expert Lisa Plaggemeier offers three top tips to keep your data protected before and after a breach.
- Be wary of phishing texts, phone calls, or other forms of communication that may use your leaked information.
- Never reuse passwords, especially after a breach occurs and you are instructed to change passwords for affected accounts. Use a password manager if necessary to keep all passwords unique.
- Enable multi-factor authentication for all your personal accounts and key services such as banking, and consider eliminating multi-factor authentication if you don't have this option.
This will help you store your passwords securely and help you identify suspicious websites, highlight reused or similar passwords, and notify you if your passwords have been involved in a breach. is also helpful.
The third tip from Plaggemier is that everyone should have multi-factor authentication on all accounts.
Here you can authorize login to your account by entering a code sent to another trusted account or device, or by using your phone's authenticator app.
“If you're very bad at reusing the same or similar passwords, if someone already has your password, they won't be able to access your account because they don't have second-factor authentication.” ,” the cybersecurity expert explained.
With this tip, she cautioned that this doesn't just concern banks and financial apps.
“Every account that offers it should use it,” she said.
“If you don't mandate its use, you should turn it on.”
On the other hand, if your financial app doesn't offer or mandate a multi-factor authentication process, it's best to ditch it completely for safety reasons.
“It should be mandatory for all of them at this point,” she said.
“If not, you'll go to another bank because that means your bank isn't doing basic things to prevent fraud on your account.”
