Ways to protect yourself when a data breach happens

Any sites linked in this post do not respect my endorsement of that company or product. They are linked to provide more context or details, and are written in a way that anyone can understand. This is not 100% fool-proof way and to be taken as suggestions.

Knowing what a data breach is, can start to help in knowing of ways to protect yourself. It’s data of any sort being copied, viewed, sent, stolen, or used by someone or an organization that isn’t authorized to do so. The ones that are most heard on the news are websites where usernames, passwords, emails address are stolen. But it could include anything about someone or a company.

Why is this data breached? The two most common reasons are it could be sold elsewhere for money or that information could be used to try to hack into other accounts.

While these suggestions may not completely help if you do appear in a data breach, they are best to do from the start, and may stop someone from getting into another account you have.

While these suggestions may not completely help if you do appear in a data breach, they are best to do from the start, and may stop someone from getting into another account you have.

Different password for every website

Have a different password for every website. Not slightly different, but completely different. The best practice for this is to use a password manager, you will have to find one that fits your needs and budget and that may take some time. The only one I suggest against is LastPass as they have had many security issues.

When you have put all your passwords in your password manager, you can then make new random passwords for each site. Most password managers have a password generator, it’s encouraged to use it so you don’t have have to think about that new password.

Different username for each website

Some websites may let you login with a username (instead of a email address) and a password, use a different username so that it’s not as easy for someone to get into that website. You could use a cool username, you could use a string of characters (NMfjHt0 is one example). Whatever you use, use something different to make it harder to guess.

Does this make it harder for people to recognize you online? Yes it does, but it slows down someone from taking over your accounts.

Set Up Two-Factor Authentication

Even if you do use the same username and password on every single site, two-factor authentication will stop someone else from trying to login. It’s something else that is required to login if you enable it. Many security experts will suggest buying a physical device for two-factor (Wirecutter has a good list if you are looking for one), but you may not want to have an extra thing. Most sites will allow you to setup two-factor authentication using your password manager or text message (to your phone).

Usually you can enable this in the settings under privacy. If you are unsure you can search online to find out how to, or contact the company directly.

Use A Email Alias

If you use the same email address for every site, then someone will try to get into that email address (and therefore get access to everything), or know what email address to try on other websites. If you use an email alias then that email address will be unique to each site and if you start to get spam to it then you know that site has been breached in some way (or someone is trying random email addresses).

There are many companies that offer this, Gmail offers this using + and “dot”, Apple offer this as part of iCloud, and there are sites dedicated to just doing this such as Burner Email, erine.email and AnonAddy. They all range in features and in price.

There are many companies that offers email alias’s, and as long as you trust them (in terms of privacy and that they will be around a long time) then setup a different email alias for each website.

Do you need to give correct information?

You may sign up for a ton of websites, do they all need to have completely accurate information about you? Most likely not. The more correct information that someone has in a data breach, the more valuable it is. If it’s somewhere you need to buy something, then do enter correct information. If not, then you don’t need to.

Keep an eye on financial statements

Some data breaches include details about the payment (which they can use in many ways). It’s best to always keep an eye on your financial statements and contact the relevant payment company’s fraud department if there is something that you didn’t buy (usually this would be Visa, or MasterCard).

Don’t open what you aren’t expecting

Data breaches very often have email addresses in them. Those email addresses tend to get tons of emails that are considered spam or phishing. If you aren’t expecting an email from someone or a company, don’t open it to be on the safe side. This also goes for email attachments, if you aren’t sure or aren’t expecting it, then don’t open it.

Most data breaches don’t contain mailing addresses, but it’s always best practice to not open something that is mailed unless it’s addressed to you personally and you are expecting it.

If you are unsure about something, then contact the person or company that it’s from (preferably from any method other than the method that you got it from) and ask.

Have an anti-virus

There are conflicting arguments regarding if someone should use an anti-virus. Anti-virus’s don’t cover 100%, it’s always good to have common sense and anti-virus’s will stop things when needed.

With so many companies offering anti-virus solutions, which one should you use? I would suggest finding one on AV-TEST that has a great score and fits your budget.

Have it auto scan is good, having it scheduled to scan everything at a regular interval can give piece of mind and check for dormant viruses (any viruses that aren’t active because you haven’t opened the program or file that is infected).

Want to know if your anti-virus may have missed something? There are many that can be used as a second opinion, the BleepingComputer forum has a great forum post that lists many. When you have the one you want to use, run a full scan and see if it catches anything. Make sure it’s fully updated before scanning.

Be informed when a data breach happens

It’s great that you are protecting yourself when a data breach does happen, but how do you know when one does happens? Sometimes the company will let you know directly, but sometimes you need to be informed by other people. If it’s a huge breach and by a well-known company then the news may talk about it, otherwise you will rely on other people talking about it.

Who should you rely on? You may not want to rely on one person or company as they may miss breaches. One reputable site is Have I been pwned?. Before you sign up with any, you should check to see where their data comes from, it should be site / data breaches, and not some random information.

Does this mean you should set up all of this and stop caring? No. Because things can change, like websites shutting down then it’s important to be kept up to date, but now you don’t have to scramble when a data breach happens.

This is post number 93 as part of 100 Days To Offload.


Thanks for reading. If you like what you read or it has helped you in some way, please consider supporting me through PayPal, Ko-fi, E-Transfer (Canada only), or any of the other ways on my support page.