America’s biggest bank JP Morgan Chase announced last week that it was the latest victim of a major security breach. According to their regulatory filing, data from nearly 80 million customers was exposed in a successful hacking attempt earlier this year. Though the bank was quick to emphasize that our money and most sensitive bits of info such as dates of birth, social security, passwords and IDs weren’t stolen, names, addresses, emails and phone numbers were – all which could be used to facilitate an identity theft, but which aren’t considered protected or sensitive in most cases. While it’s troubling that the country’s number one bank got hacked, what’s even more worrying is that the media, the public, and even Wall Street seemed to shrug it off and carry on.
What this means for you:
Americans seem to be developing what some analysts are dubbing data breach fatigue: everytime we look up, yet another high-profile company or livelihood staple has been hacked. The list reads like a modern family’s honey-do list: Target, Home Depot, Neiman Marcus, EBay, UPS, Apple, Nintendo, Sony, Albertsons, SuperValu, CHS, etc. There have been nearly 600 data breaches reported this year, up 27% over last year, and we aren’t even done with 2014. Fortunately, only a small percentage of the total population have been negatively impacted in a signficant way, though most of us have probably had one or more credit cards get canceled and replaced for fraudulent activity. What this is leading to is the general perception that these data breaches are “bad” only in a vaguely annoying way, and there is not much that an average person can do to protect themselves, “Heck, if JP Morgan can’t figure out how to keep the hackers at bay, how can I ever stand a chance?”
While it’s true you can’t stop JP Morgan from getting hacked, you can make it harder for cybercriminals to hack you: don’t give in to the fatigue – make them fight for every bit they try to steal from you. Change your passwords regularly, and use unique passwords for your important accounts. Keep a close eye on your credit card statements and your credit history. Make sure your all computers you use have up-to-date and functioning antivirus software. Avoid email attachments and unfamiliar websites. What was once considered “paranoia-level” precautions are the new standard of online safety. Considering that nearly half of Americans adults have had some form of their personal data stolen through an online breach, it’s safe to say that “they” are out to get you – paranoia or not.
After the massive security breach Target experienced in 2013, Home Depot management had the best intentions in immediately planning for a similar attack being directed at them. Unfortunately, they were about only a quarter of the way through their plans to beef up security at their stores when the big-box DIY chain recently announced that they’ve been hacked, with potentially tens of millions of customers exposed. To add insult to injury, its beginning to look like hackers penetrated Home Depot point-of-sale systems as far back as April.
What this means for you:
By now, you probably realize that there’s not much you can do other than what you’ve already been doing: use credit cards, not debit cards, wherever possible, and always keep an eagle-eye on your purchase history. Credit card companies are already doing a pretty good job with their fraud-detection algorithms – don’t ignore those automated calls when you get them. Given the massive number of breaches happening, it’s very likely that your credit card number has been stolen (or soon will be) if you shop at most large chain-based retailers.
As a business, you can take a lesson from Home Depot’s woes: move quickly. Home Depot’s implementation was likely hampered by both logistical complexity (hardware replacement at thousands of locations scattered across a gigantic area) as well as “traditional” corporate bureaucracy. There’s not much to be done for the first part except to take it into account when combating the second part, which while understandable, will lead to disastrous consequences. Cyber criminals aren’t slowed by corporate chain-of-command – don’t let your decision making process expose you to a damaging security breach.