6 Steps Consumers Should Take Following a Hack
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
Corporate employees typically have IT departments and security teams available to them when a breach takes place. But what about the everyday consumer?
Anybody can be hacked or have a credit card compromised. According to Liz Lasher, vice president of fraud, financial crime and cyber risk at FICO, consumers can prevent that from happening just by taking better care of their passwords. She points to the recently released FICO Consumer Digital Banking study, which found only 42% of Americans said they use separate passwords to access multiple accounts and only 23% use a password manager.
"Consumers can report their incidents to the authorities, but they are better off taking practical, proactive steps to improve security," Lasher advises.
With that in mind, we've compiled a list of tips that consumers can use in the event of a breach, along with how to prevent future attacks. These tips also apply to anyone who runs a small business, or rank-and-file factory and retail workers who don't have corporate expense account jobs and access to highly trained security pros.
More often than not, consumers won't know they've been hacked until they check their bank statements, receive their monthly bills weeks later, or realize their credit card companies or banks suddenly put a hold on their accounts. Keep calm, FICO's Lasher advises. Especially when a compromised credit card shows a small charge clearly outside of typical purchases, banks are fairly well-equipped to issue a refund and a new card.
In most cases, Lasher says, hackers aren't interested in the few thousand dollars most people have in their personal checking accounts. Instead, they are more apt to go after high net worth individuals as opposed to the average consumer who lives on a tight monthly budget.
The world is not always fair. If something goes wrong with an account, the burden of proof often falls on the consumer.
Ken Underhill, a master instructor at Cybrary, says banks and credit card companies will normally issue consumers a credit for an unauthorized charge and issue a new card, but in many instances consumers must prove the charge wasn't legitimate. Not all incidents require proof -- for example, if a person normally only buys goods in the U.S. and then a random transaction occurs overseas on the card -- but, as a general rule, any charge outside of the typical means a bank is likely to ask for proof that the account-holder didn't make it.
Underhill offers several steps consumers can take to prepare for such situations: Keep two copies of tax returns with two different cloud providers, have all bank statements on hand, and, for small-business owners, keep two copies of business receipts in the cloud.
Moving forward, consumers should set aside one hour a week to go over their accounts and check for any unauthorized charges, Underhill says. It's really a matter of changing habits and deciding to become more proactive.
Just about every security expert will say consumers should not notify the FBI if they are personally hacked or compromised. In fact, unless the crime is somewhere in the $200,000 to $300,000 range, the FBI usually won't get involved; it is simply too busy and focused on more high-profile cases. Local police will take a report, but there's not much they can do in most cases.
Rather, Daniel Smith, head of security research at Radware, recommends filing a consumer complaint with the FTC and, in the case of a compromised Social Security number, the Social Security Administration's Office of Inspector General.
Following a compromise, consumers should create new email addresses for their hacked accounts and change their cell phone numbers, Radware's Smith says. While asking for a new cell phone number is a bit of an inconvenience, most carriers will only charge $10 to $15 to do so, he says.
Consumers can take additional proactive steps, FICO's Lasher says. For starters, they should always enable the alerts in any applications they use. And if a bank or credit card company calls and tells them their account has been compromised, they should ask for a job ticket number and call the company back to ensure it truly is that company, she says. Another step consumers can take is to freeze their personal credit and that of their children. Many attackers will set up fraudulent accounts in the names of children, which they get from social media and gaming apps, and fraudulently apply for bank loans and credit cards.
Many tools are available to consumers so they can organize their financial lives. FICO's Lasher likes mint.com because it gives her a single view of all of her accounts at once. This comes in handy not only from a day-to-day perspective, but also in the event of a compromise in that consumers can check the account they've been notified about, as well as all of their other accounts, for irregular activity.
Cybrary's Underhill also recommends consumers use VirusTotal so they can be updated on the status of all new malware, plus share malware with the VirusTotal security community. The service keeps the security community and users up-to-speed on many of the latest threats, he explains.
Security pros are like coaches who repeat the same bromides, but cyber hygiene can prevent the vast majority of breaches and compromises. For starters, consumers need to execute operating system and application updates when prompted. And they should also back up their data at least once a week, if not every day. It's also good to back up data on multiple cloud apps, such as Google Drive, Microsoft OneDrive, and Dropbox.
Consumers also need to use strong passwords and enable two-factor authentication (2FA) whenever possible. Most web applications offer a 2FA option (consumers can check in the settings of the app), especially for e-commerce and gaming apps. Consumers might also try using a password manager and hardware-based authentication options like the YubiKey.