February 6, 2015
This week, the second-largest health insurer in the U.S. became the victim of a massive cyberattack – the latest in what’s becoming an unnervingly common occurrence (see New Cyberattack Targets 1,000 Major Networks – and Probably More and Recent Cyberattack Calls Device Unlocking Policies into Question).
Information belonging to Anthem Inc. customers, as well as accounts associated with Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, Caremore, Unicare, Healthlink, and DeCare were all part of the data breach.*
The aftermath: Stolen social security numbers and other personal information, hacked servers, and (though we don’t yet know the full extent of the breach) a huge loss of trust in IT security.
According to the company, Anthem will provide credit monitoring and identity protection services free of charge to those who have been affected (many of whom are yet unaware that their information was stolen), in addition to working with the FBI and hiring a cybersecurity company to assess its systems.
In a world of instant sharing and storing information in the cloud, getting complacent with your security is more dangerous than ever. Case in point, Anthem had not been actively working with any cybersecurity firms (such as the one it has currently retained to evaluate its systems) when the hacking took place.
To effectively protect your sensitive information from the ever-growing threat of cyberattacks, it’s vital to make cybersecurity an ongoing effort – especially if it’s sensitive company information that’s on the line (see Don’t Overlook Enterprise Security).
With that in mind, here are a few key pieces of advice to ensure that your information is as secure as possible. For more tips and best practices, see Security Advice from Cyber-Experts.
As we mentioned in our post, The Worst Passwords of 2014, it can be difficult to follow the best practices of password security. These include making sure each password is complex (following no simple patterns), changing it consistently over time (we recommend every 6 months), and using different passwords for various systems/websites.
Following these best practices usually leads to an overwhelming number of passwords for you to remember – and that’s where a password manager comes in. Not only does it provide you with strong, unique passwords for all of your accounts, but it also keeps them in a secure encrypted vault on your device.
Think about how many of your passwords are similar, with only a few symbols or letters differentiating them.
While this may make things easier for you to remember, it’s also a hacker’s dream, and it certainly won’t protect you in the event of a cyberattack. That’s because all it takes to get your credentials is one non-secure site you use. If all of your usernames and passwords are variations of the hacked account, your information becomes an open book.
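To audit your own passwords for this pattern, the following Python sketch (an added example, not part of the original post) flags pairs of accounts whose passwords reduce to nearly the same base word. The character-swap table, the suffix stripping, the thresholds and the sample vault are assumptions constructed for illustration.

```python
from itertools import combinations

# Assumption: character swaps and suffix characters people commonly use to "vary" a password.
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
SUFFIX_CHARS = "0123456789!@#$%^&*?._-"


def core(password: str) -> str:
    """Reduce a password to its base word: lowercase, drop trailing digits/symbols, undo swaps."""
    lowered = password.lower()
    stem = lowered.rstrip(SUFFIX_CHARS)
    if len(stem) < 4:  # mostly digits/symbols: keep the whole string instead
        stem = lowered
    return stem.translate(SWAPS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_variations(vault: dict[str, str], max_distance: int = 2) -> list[tuple[str, str]]:
    """Return pairs of account names whose passwords differ by only a few characters."""
    flagged = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        a, b = core(pw_a), core(pw_b)
        # Scale the threshold down for short base words so unrelated ones are not flagged.
        limit = min(max_distance, max(len(a), len(b)) // 3)
        if edit_distance(a, b) <= limit:
            flagged.append((site_a, site_b))
    return flagged


# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "bank": "Sunsh1ne!2014",
    "email": "sunshine2015",
    "forum": "Sunshine#1",
    "shop": "kT9$wq2LmZx7eB",
}
```

Every pair it reports is a set of accounts that would fall together if any one of them leaked; the randomly generated "shop" entry is the only one that stands alone.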
Never open correspondence, click links, or download content from unknown sources (see 7 Mobile Security Mistakes to Stop Making in 2015). Remember: Legitimate companies won’t ask for sensitive information through unsecured channels.
The Anthem breach included names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information (including income data). Criminals may use this stolen information to send email or texts that appear to be from people or sites you trust.†
Regularly reviewing your accounts and past transactions can help you keep track of your finances. Most importantly, it makes it easier to pinpoint unfamiliar charges and quickly identify fraud.†
If you see charges you don’t recognize, contact the fraud department at your bank or credit card provider right away.
As a follow-up to step 4, consistently monitoring your credit report (with the multitude of free credit tools available) can help you recognize if you’ve become the victim of fraud.
Everyone is entitled to a free report every 12 months from each of the three credit bureaus: Equifax, Experian and TransUnion. According to Forbes,† you can get your report from AnnualCreditReport.com or by calling 1-877-322-8228.
As we mentioned in our post, The Worst Passwords of 2014, two-factor authentication is an extra layer of protection, requiring users to not only log in using a password, but also to complete an additional verification step. For example, after entering the correct password, you may also have to enter a 4-digit code sent to your mobile phone.
True, this might seem like a hassle, but it’s worth the extra couple of seconds.
* McNeal, Gregory S. Health Insurer Anthem Struck By Massive Data Breach, Forbes. Forbes.com LLC.
† McNeal, Gregory S. 6 Ways To Protect Yourself After The Anthem Data Breach, Forbes. Forbes.com LLC.