Steps to take to recover after a data breach

Data breaches have become a part of modern life in our connected world. Everyone is at risk of potential data breaches and having their data used fraudulently. However, just because there is a data breach, it doesn’t mean you’ll become a victim of Identity theft. To avoid any further harm to your online identity, there are certain steps you can take to make sure you contain the threat. These will potentially save your finances, credit score and your identity, keeping them away from criminals.

Here are the steps you need to take right away if you find out that your data has been breached:

1.) Immediately change your password. 

These need to be a combination of letters, numbers and special characters. The password needs to be unique to every online account you have. Duplicating passwords gives hackers more chances to access your accounts. Using a password manager can help you store your passwords securely. You also need to change your passwords regularly.

2.) Set up two factor authentication. 

Adding two factor authentication increases your protection, companies such as Facebook and Microsoft have these authentication processes in place if you wish to use them. They add an extra layer of security, usually requiring you to enter a code you’ve received via SMS.

3.) Check your credit report and accounts regularly.

Make sure that there is nothing there that is unfamiliar to you, if there is, contact the company straight away and alert them to what has happened, the quicker you act the less damage caused. A credit report allows you to view most of your financial information in one place.

4.) Look out for regular updates from the breached company.

They may release press releases and maintain a feed to the affected parties. For example, users were usually logged out of their Facebook accounts if they were affected in the most recent Facebook data breach. Users should keep up to date with any information regarding the breach by using social media platforms or the company websites, users may also be notified by email.

Following these steps may result in limiting the amount of damage caused by your leaked data. There are many tools that can alert you to suspicious activity and help protect your personal data, such as Cyberman365. There is also a free service offered by the Federal Trade Commission which offers a recovery plan for when the worst happens, you can find it here: 

Take a look at our other articles for more useful resources.


6 ways to fall victim to identity theft

Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average. Make sure you are aware of these common traps when it comes to identity theft.

Malware & Viruses

Criminals use tactics to infiltrate your devices and may steal information or hold your device and files to ransom until you pay a fee.

Data Breaches

Unfortunately companies often fall victim to data breaches where customers’ personal information is exposed. This means criminals can get hold of your data.

Mail Theft

If you have an unlocked mailbox, identity thieves can easily steal your mail containing your personal information.This also applies to your garbage so make sure you shred any personal data.

Change of Address

With just a name and address someone can divert your mail. They can then collect additional information about you such as credit card information or your Social Security Number.

Wallet Theft

If someone gets hold of your wallet, think about how much information they would have on you, SSN, name, age, bank accounts, health insurance details and more.

Oversharing on Social Media

Always be aware of what you are sharing, if strangers can predict your movements it’s easy for them to steal your identity or belongings.


World Password Day! How long would it take to crack your passwords?

Months, days, hours, seconds?

Here are the top 5 worst passwords of 2020 from NordPass. The list shows you how many times a password has been used, and how much time it would take to crack it. Find out more here.

Check if your password is on the list, if it is, then you need to strengthen it. Try using a random password generator.

If you’d like to share you can download our image here.


The sites that are sharing your personal information

You may be shocked to discover just how much these sites share about you.

People data sites may contain your current and previous home addresses, relatives, phone numbers, email addresses, neighbors and more. Anybody can visit these sites and look up your personal data.

Cyber and Privacy expert David Derigiotis has created a useful resource to explain how you can opt-out of these data sites.

This is a great first step to start reducing your digital footprint.

The downloadable resource covers the following points and more:

  1. When removing the information from the following organizations, consider creating an anonymous email.
  2. Consider using the following email service providers which offer users a greater sense of privacy.
    • ProtonMail:
    • Tutanota:
  3. These two email providers offer a secure email service with built in end to end encryption. With end to end encryption, content within the email is not accessible by the company itself when emailing within the network (ex. ProtonMail to ProtonMail user). Only the communicating users can read the content.

The list is not exhaustive but will provide a good start for reducing your digital footprint. Many of these sites may require your follow up before successful data removal occurs. Please be sure to record the date you initially contact the service and document once removal is verified. Be diligent.

Download our guide with links for the websites that are holding your information and where you can opt-out to remove your data.


Stay Alert for COVID-19 Vaccine Scams!

COVID-19 vaccines are rolling out and that’s great news! While we eagerly anticipate vaccine distribution, please stay alert for COVID-19 vaccine scams.

Here’s how to avoid a vaccine-related scam:

  • The vaccine will most likely be free (given the public health emergency) so be highly skeptical of any email or communication requesting money in exchange for the vaccine.
  • You can’t pay to put your name on a list or get early access to the vaccine.
  • No one from a vaccine distribution site or health care provider will contact you for your Social Security number, credit card or bank account information.
  • Stay alert for providers offering other products, treatments, or medicines to prevent the virus.
  • ALWAYS check with your health care provider before paying for or receiving any COVID-19-related treatment.

Additionally, be highly skeptical of emails that create a sense of urgency or fear and persuade you to click on a link or open an attachment like the following. 

  • “CLICK here/OPEN this attachment to learn about the potential side effects of the vaccine!”
  • “CLICK here/OPEN this attachment to hear real stories of allergic reactions to the vaccine!”
  • “CLICK here/OPEN this attachment to get early access to the vaccine!”


Lose the contents of your bank account in a few taps

Scam alert! Despite instant fraud alerts from banks, victims are still authorizing money transfers straight into criminals’ bank accounts with this convincing scam.

This new scam is skyrocketing in Europe and it’s already started growing in the US too.

The report includes a real life case study featuring a regular family who transferred £25,000 out of their account to fraudsters. Find out where they went wrong so you can recognize when you are at risk.

Find out more with Neil Gurnhill’s in depth piece on the topic.


Data Privacy Day tips: How to protect your personal information

You may feel like there is little you can do to protect your personal data. However, there are steps you can take to learn about how your data is collected, shared and used. Follow these basic privacy tips to help improve how you manage your personal information and make informed decisions about who receives your data.

Tips to protect your privacy:

  1. Personal info is like money: Personal information, such as your purchase history, IP address, or location, has tremendous value to businesses – just like money. Have you ever received something for free? Installed a free app or downloaded an eBook? If so it’s usually not really free, the cost is access to your personal information. Consider whether the benefit is worth sharing your data.
  2. Keep tabs on your apps. Many apps ask for access to personal information, such as your geographic location, contacts list and photo album, before you can use their services. Be wary of apps that require access to information that is not required or relevant for the services they are offering. Delete unused apps on your internet-connect devices and keep others secure by performing updates. 
  3. Manage your privacy settings. Check the privacy and security settings on web services and apps and set them to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information. Get started with NCSA’s Manage Your Privacy Settings page:
  4. Check for data breaches. Google Chrome has a super useful feature that alerts you if your accounts have been breached and alerts you to change your passwords. You can also use other sites like to see if your email address has been involved in a data breach.

Find out more here.


Identity Theft Recovery Plan

What should you do if you are a victim of identity theft?

Dealing with identity theft is stressful and time-consuming, you may not know where to start.

Cyber and Privacy expert David Derigiotis has put together an excellent resource so you can be prepared should the worse happen.

We often talk about what people can do to avoid scams and fraud but when it does happen, a game plan is needed.

David Derigiotis, Cyber and Privacy expert

“I am sharing this important resource but I hope you will never have to use it.

I recently put together a recovery roadmap for the family member of a colleague dealing with identity theft. They did not know where to start for untangling the mess some criminal put them in-most people don’t. I want to provide greater assistance in sharing this recovery tool with a broader audience in the event it is needed. The sample letter in this document is right from the FTC website as well as many of the steps outlined in the path to recovery.

Please feel free to download this plan and share it. Have it readily available in the event that you, a family member or client experiences some form of ID theft or fraud. We often talk about what people can do to avoid scams and fraud but when it does happen, a game plan is needed.”

We often talk about what people can do to avoid scams and fraud but when it does happen, a game plan is needed.

The resource includes steps you should take, in detail:

  1. File an identity theft report with the FTC
  2. Use the FTC identity report to file a case with your local law enforcement
  3. Call the fraud department of each business where an account was opened
  4. Request a copy of your credit report with each of the national credit bureaus
  5. Consider placing a fraud alert and security freeze with the above bureaus
  6. And a pre-written letter template to a credit bureau. The sample letter will help remove inaccurate information on your credit report. You just need to replace the text in brackets to customize the letter to your specific identity theft incident.

Download the resource for instruction on how to complete each point above.

Children online safety

Virtual Learning: Cyber Safety Checklist

Avoid Zoombombing and maintain control of the online class! Teachers who host Zoom Meetings should set meeting controls before class begins:

  • Lock the meeting after all have joined 
  • Disable “Join before host” so students can’t join a meeting before you start it
  • Do not share meeting invite publicly
  • Force all new participants joining a meeting to enter the Waiting Room (where you can admit them on an individual basis) 
  • Restrict participants’ ability to: 
    • Share their screens 
    • Chat in a meeting 
    • Rename themselves 
    • Annotate on the host’s shared content 
  • For new updates visit:

Students: Use your school issued email address for school related activities only! 

  • Using a school issued email address for outside activities (social media, online gaming, etc.) will put your school account at risk when those third party sites are breached! This risk is significantly elevated when passwords are reused. This is what cyber criminals are expecting you to do! (Never reuse the same password across multiple sits)
  • Schools can run a scan of their domain here to see what email accounts have been compromised in third party data breaches (findings will be redacted):

Teachers & Students: Update your software!

  • Unpatched or outdated operating systems are full of vulnerabilities and deficiencies. Make sure all apps, browsers (Firefox, Chrome, etc.) and operating systems (Microsoft Windows, Apple iOS, Android, Etc.) are fully patched and running on the most current version available. 

Teachers & Students: Protect your device with anti-malware/antivirus software 

  • Clicking on one link, opening an attachment or visiting a compromised website can result in you downloading a virus or other malware. Protect your computer by installing protection against these types of infections. 

Parents & Teachers: Properly secure your Wireless Router & Wi-Fi!

  • Change the admin credentials on the router from the default username and password. This is one of the first things an attacker will try when attempting to access your wireless router. Check the router’s instruction manual or do an online search, “How to change router username and password” for help.
  • Change your Wi-Fi name (SSID) to something unique and private. Avoid displaying the router manufacturer such as “Netgear,” “Linksys“ or other private information such as your family name. Also consider hiding the Wi-Fi name altogether so it cannot be easily detected by novice hackers or data collectors. 
  • Enable WPA2 wireless encryption so that only authorized users can connect to your network.

Visit to find out more about personal cyber insurance for individuals, families and homes.

Download our free resources below: