Tips: Safeguard Against Data Theft After Epsilon Breach

The Epsilon data leak incident was serious, as it exposed a large number of people to an attack called "spear phishing,” whereby an attacker targets specific users or organizations with attempts to steal personal information.

However, it is also important to realize that this incident could have been much worse. Many third-party organizations, ranging from identity management companies and large cloud service providers, like Google, have aggregated large amounts of our personal information in one place, making us increasingly vulnerable to the type of attack we saw with Epsilon, whereby a single breach can result in the compromise of a large amount of user data.

There are two big lessons we should take away from this incident. First, we must raise our own awareness about where our data is stored and become more cognizant of how we might be making ourselves vulnerable to these types of incidents by allowing data about us to be aggregated in just a few places. Second, we need better security tools: software will remain vulnerable, and compromise is inevitable.

Although this may be one of the largest data leaks we have seen in U.S. history, this is not the first instance of a very serious data leak. In the past, we have seen data leaks involving the breach of more sensitive information, including credit card numbers and even Social Security numbers. Facing the stark reality that these compromises are likely to continue and worsen, we must develop better tools for prevention (i.e., making it difficult for attackers to access data once they have compromised a system) and auditing (i.e., figuring out exactly what data has been breached, when, and by whom).

Here are some quick tips on what users can do to minimize the damage that a data breach can have on them.

1. Safeguard passwords for sites that hold a lot of your data. In particular, do not use the same password for a site like Google as you may use for other sites. This may at least reduce the risk that a breach of your password on another site would result in your password on a "higher value" site also being cracked.

2. Try not to store information related to your identity in these services. Specifically, users might want to be particularly careful about documents that contain Social Security numbers, birthdates, credit card numbers, passwords to other accounts (such as bank accounts), and other information.

3. Be aware of phishing attacks, and pay particular attention to any request to "reset" your password on a high-value site. These sites, as a general rule, will never send you a link by email asking you to enter your password. Pay particularly close attention to any message that comes via email asking you to click on a link where you are asked to enter a password.

4. Be on the lookout for suspicious login activity patterns to your account. Sites such as Google provide information about where on the network your account was last accessed from (there is typically a link at the bottom of the website for this). You might want to periodically check this information, to make sure that you recognize the places where your account has been accessed.

5. Take note of what sensitive data you may have stored in these services. If a data breach occurs, you will want to assess the worst-case scenario and take measures to protect yourself from fraud or identity theft. (For example, if you did have any documents with addresses, birthdates or sensitive information stored in these services, you may be more vulnerable to identity theft.)

In addition to things that users can do, there is also a serious need for more extensive protection against data leaks in the enterprise space. Software will continue to be vulnerable, and there will be users who will inevitably not take these recommendations. We do need better mechanisms to provide safeguards against these types of breaches in the event that a compromise does occur.

Featured

  • 12 Commercial Crime Sites to Do Your Research

    12 Commercial Crime Sites to Do Your Research

    Understanding crime statistics in your industry and area is crucial for making important decisions about your security budget. With so much information out there, how can you know which statistics to trust? Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX
  • People Say the Funniest Things

    People Say the Funniest Things

    By all accounts, GSX version 2023 was completely successful. Apparently, there were plenty of mix-ups with the airlines and getting aircraft from the East Coast into Big D. I am all ears when I am in a gathering of people. You never know when a nugget of information might flip out. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

Webinars

New Products

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3