We made it through another year with aplomb—or at least that’s what we tell ourselves after making another successful orbit around the Sun. Rather than doing a “the year that was,” we’ve decided to instead examine “the weeks that just were.”
Specifically, we’re going to look at a recent data breach and new security risk that could affect you or your clients.
What company had a security breach?
On December 28, 2017, Ancestry.com made public a data breach affecting roughly 300,000 members of their website.
Here’s what happened.
Accounts for RootsWeb, Ancestry.com’s online forum, were compromised. While the company reports that their forum does not record sensitive information like Social Security numbers or banking information, it’s important to remember that a lot of people use the same password for everything. If a cybercriminal learns your account password and already has some of your private information—and let’s face it, after the Equifax breach affecting nearly 150 million Americans, it’s pretty likely—that’s a serious problem.
Think about it this way: do you use the same password for your email address that you use for your online banking account or credit card account? Do you also use that password for other online accounts, like, say, Ancestry.com?
Yeah, that’s a problem.
How does my computer processor pose a security risk?
The simple version is that some computer processors from Intel, AMD, and ARM have a hardware-specific problem that opens computers up to cybercriminals. The problem, unpatched, allows these thieves using a specific type of malware access to your private information—essentially letting the ne’er-do-well bypass your security software.
While it’s a hardware vulnerability, there is an available software fix. Unfortunately, the fix slows down processor speeds. That being said, protecting yourself from this particular issue is the very first point in the next section.
What can I do to protect myself from a data breach?
If you’re a regular GruntWorx blog reader, you know we’ve covered what IRS recommends you do should your private data be compromised, but it never hurts to have a quick primer.
One of the first things you should do to prevent a data breach is make sure that all of your software—from operating system to video games—is updated to the most recent patch. Remember the WannaCry ransomware that was making the rounds in May 2017? That could have been prevented by simply installing a Windows update.
The next thing on your list should be learning how to spot phishing emails and avoid opening them. This is a pretty old tactic for identity thieves, but it remands standard practice due to its relative success. Phishing emails can take many forms: prospective client communications, retailer advertisements, internal office communications, and much more. If you receive an email containing an attachment you didn’t explicitly request, DO NOT DOWNLOAD IT. (The same can be said for included links, which often lead to websites containing scripts that automatically install malware on your device.)
Many businesses simply make it a rule that no employees are allowed to open email attachments, opting for directly accessing important documents via shared network hard drives. Regardless of whether you take such a hardline approach in your office or something a little less stringent, it’s important that you clearly communicate the risk to employees.
Another key safeguard? Make sure you have security software installed on any device that accesses sensitive documents. This can mean anti-virus, anti-spyware, and other similar types of software. Should you accidentally get an infection, there are programs designed to identify, quarantine, and remove it.
What should I do if my private data has been compromised?
If you’re the victim of identity theft, one thing you should consider is freezing your credit with Equifax, Transunion, and Experian. While this won’t close credit card accounts that have already been opened by criminals, it will stop them from being able to open new accounts.
Filing season is almost here.
IRS just announced that filing season will officially begin on January 29, 2018. Aside from the mountain of work you’re getting ready to climb, that also means a significant increase in identity theft tactics, like phishing emails. Make sure you’ve done everything you can to avoid being a victim.
Ryan Norton, Contributor