Prepping for a Data Breach

We take the topic of cyber security and your district’s data seriously. We’ve published articles on proper use of public Wi-Fi, the dangers of phishing, and most recently, we created a brand new TargetSolutions course on how to train your staff to identify phishing.

Although there were fewer data breaches last year than the year before, individuals were at greater risk than ever of having their data stolen. According to the Identity Theft Resource Center, the number of exposed records more than doubled, from 197.6 million in 2017 to 446.5 million in 2018.

According to Norton, a data breach is a security incident in which information is accessed without authorization. The business of data theft continues to grow and profit because hackers make a living seeking personally identifiable information in order to steal money, compromise identities, or sell data over the dark web. While the motives vary, targeted attacks are primarily carried out in the following four ways.

  1. Exploiting system vulnerabilities: Out-of-date software can let a hacker sneak malware onto a computer and steal data.
  2. Weak passwords: These are easier for a hacker to guess, and this is especially the case if passwords contain whole words or phrases. Experts advise against simple passwords and favor unique ones with a mix of letters, numbers, and characters.
  3. Drive-by downloads: By visiting a compromised webpage, you can unintentionally download a virus or malware. This type of attack takes advantage of an out-of-date system or security flaw.
  4. Targeted malware attacks: Attackers use spam and phishing email tactics to try to trick the user into revealing credentials.

Check Yourself

Before you do anything else, the first step is to confirm that a data breach has actually occurred. Most importantly, don’t fall for subsequent emails or attempts at contact in which hackers may pose as a breached company attempting to access more of your information.

Instead, head directly to the company’s secure website or pick up the phone to confirm the breach and find out whether your information was truly compromised. If you don’t know how to do this, contact the person or persons you have on staff or on contract to do this. If in doubt, call us. We can help.

Next, determine which type of data breach from the above list occurred and what information was exposed, such as Social Security numbers and other personally identifiable information. This step might be the most important one because some kinds of personal information are much harder to replace than others. For example, while stolen credit cards can be quickly cancelled and replaced, SSNs are much more difficult to replace.

Lastly, don’t forget to change your online logins, passwords, and security questions and answers. Monitor accounts closely. If personal information was compromised, consider filing taxes early.

eRisk-y Business

If you want to stay as up-to-date as possible on the latest scams, research, and resources about cybercrime and security, consider utilizing eRisk Hub, the CSD Pool’s free cyber security service.

This is a web-based portal that helps you navigate any data breach event. Through it, you can receive free breach coaching, risk assessments, access to privacy experts, breach cost calculators, legal assistance, security remediation, and computer forensics. Even if you haven’t experienced a breach, you can sign up today for free and start receiving articles, videos, and other breach-related services, including PR and updates from cyber risk experts.

The Department of Homeland Security also provides free cyber training and assessments for public entities. Their services will train and test your employees on their susceptibility to phishing throughout a six-week period.

It’s time to consider your district’s vulnerabilities and make sure your systems are ready for an attack. From the board of directors to district management to employees, remember to participate in proper training, review data security annually, and outline an action plan to prepare you for the worst-case scenario. Your cyber security is in your hands.