Tag Archives: troy hunt

The Equifax Breach and Protecting Your Online Data

The Equifax Breach and Protecting Your Online Data

As we all know by now, the Equifax breach exposed the credit reports of over a 140 million Americans. What are in these reports? They include the credit histories of consumers along with their social security numbers. That makes this breach particularly painful.

The breach has also raised the profile of the somewhat mysterious big three national credit reporting agencies or NCRAs — Experian and TransUnion are the other two. Lenders use NCRAs to help them decide whether to approve credit for auto loans, mortgages, home improvement, and of course new credit cards.

NCRAs Are Supposed to Protect Against Identity Theft

Let’s say the Equifax hackers go into phase two of their business plan, likely selling  personally identifiable information (PII) to cyber gangs and others who will directly  open up fake accounts. Of course, the stolen social security numbers makes this particularly easy to attempt.

The bank or other lender extending credit will normally check the identity and credit worthiness of the person by contacting the NCRAs, who under red flag rules are supposed to help lenders spot identity theft. Often times (but not always), the cyber thieves will use a different address than the victim’s when applying for credit, and this anomaly should be noticed by the NCRAs, who have the real home address.

The credit report should in theory then be flagged so future lenders will be on alert as well, and the financial company originally asking for the report is also warned of possible identify theft for the credit application.

I am not the first to observe that the irony level of the Equifax breach is in the red-zone – like at 11 or 12. The NCRAs are entrusted with our most personal financial data, and they’re the ones who are supposed to protect consumers against identity theft.

Unfortunately, an NCRA hacking is not a new phenomenon, and the big three have even been the target of class action suits brought by affected consumers under the Fair Credit Reporting Act (FCRA). To no one’s surprise, the legal suits have already begun for the Equifax breach – the last count puts it at 23.

What Consumers Should Do

While we hope that red flags have been already placed on affected accounts, it’s probably best to take matters into your own hands. The FTC, the agency in charge of enforcing the FCRA, recommends a few action steps.

At a minimum, you should go to the Equifax link and see if your social security number is one that’s been exposed. If so, you can get free credit monitoring for a year — in short, you’ll know if someone tries to request credit in your name.

(Yes, I just did it myself, and discovered my number might have been compromised. I went ahead and subscribed for the credit monitoring.)

If you’re really paranoid, you can go a step further and put a credit freeze on your credit report. This restricts access to the credit report held by the NCRAs, and in theory, should prevent lenders from creating new accounts. Normally, this would be a charge, but Experian graciously arranged to freeze the reports for free after outraged consumers protested.

None of these measures are fool proof, and clever attackers and thieves can get around these protections.

Online Protection With The Troy Hunt Course

Besides social security numbers, the hackers hauled away a lot of PII – names, addresses, and likely bank and credit card companies. As far as I can tell, passwords were not taken by the Equifax hackers.

Obviously, social security numbers are the most monetizable, but the other PII is still useful, particularly in phishing attacks. Readers of this blog know how we feel on the subject: any online information gained by hackers can and will be used against you!

So we should all be on alert for phish mails from what may appear to be our banks and other financial companies, and we should be wary of other scams.

That’s where the indispensable security expert Troy Hunt can help us all! His Internet Security Basics video course is a favorite of ours because it breaks down online security into a series of simple lessons that non-technical folks can quickly understand and take action on.

I draw your attention to Lesson Three, “How to know when to trust a website”, which will be incredible helpful in helping you avoid  the coming wave of online scams.

Let’s not waste a crisis: it’s probably also a good time to review and change online passwords and understand what makes for good passwords. Troy’s Lesson Two, ‘How to Choose a Good Password” we’ll bring you up to speed on passphrases and password managers.

The Equifax breach is as bad as it gets, but let’s not make it worse by letting cyber thieves exploit us again through lame phishing emails.

Learn how to protect yourself online with security pro Troy Hunt’s five-part course.

Internet Security Basics: How to Protect Yourself Online

Internet Security Basics - How to Protect Yourself Online

It’s the holidays, which means one thing if you’re in IT: dealing with eggnog related support tickets.

It’s hard to get excited about a small holiday light display that comes around once a year when you spend weeks at a time in a large frosty room, sporting thousands of machines with dozens of flashing leds each.

Well, Varonis has got you this year. We’ve developed a security course designed specifically for you to give to your family, friends and users that will help keep them safe online and, more importantly, stop them from asking you wildly uninformed questions.

Our Internet security basics course covers, well, internet security basics. What makes the best password? Why should I keep clicking ok on this software update? Why should I NOT click on this security warning? And maybe just don’t put a social security number into a mobile game.

Whether it’s your proud 96 year old “GramGram” whose computer keeps sending you obvious phishing requests like: “How come you don’t visit me? The cat misses you and the sidewalk needs to be shoveled.”

Or your Uncle who has been just a little too deep into Facebook news lately and keeps telling you that: “I make all my passwords ‘password’ because it’s so obvious that those hackers and whozits will never think of it.

Our early holiday gift to you is not having to explain these concepts to your friends and family. We’ve had professional security expert Troy Hunt (creator of HaveIBeenPwned and all around nice guy) create a series of videos designed specifically to help them develop the skills and understanding they need to stay safe online.

The course covers how to keep your passwords safe, end user issues like VPN and SSL use, and how to consider new things like IoT devices.

Help keep the people you know safe online by sending them here.

The Enemy Within: A Free Security Training Course by Troy Hunt

The Enemy Within: A Free Security Training Course by Troy Hunt

It takes a very long time to discover a threat on your network according to the Verizon DBIR:

breach-discovery

Which is mind-boggling given the most devastating breaches often start with an insider—either an employee or an attacker that gets inside using an insider’s credentials. Target, OPM, Panama Papers, Wikileaks. The list goes on and on.

The truth is that many organizations are behind the curve when it comes to understanding and defending against insider threats.

So when we were tossing around topic ideas with Troy, it quickly became clear what our next video course should focus on.

I’m happy to announce the third course in our free, CPE-eligible security training series—The Enemy Within: Understanding Insider Threats.



Get all the videos now



What’s inside?

The course is broken into 8 video modules totaling over an hour worth of entertaining material covering where insider threats originate from, how they exfiltrate data, and how to stop them.

More free content

While you’re at it, grab the previous two courses in the series:

About Troy

Troy is a Microsoft Regional Director, most Valuable Professional and top-rated international speaker on online security, regularly delivering the number one rated talk at events across the globe. He’s also the author of 26 online Pluralsight courses which frequently feature at the top of the charts. Troy’s site, HaveIBeenPwned.com, is one of the world’s most popular data breach verification sites.